Bitwarden CLI password manager trojanized in supply chain attack
Summary
A malicious version of the Bitwarden CLI password manager was published to the npm registry in a supply chain attack. A compromised GitHub Action in Bitwarden's CI/CD pipeline allowed the attackers to inject malicious code into the package, though no end-user vault data was accessed. The attack is attributed to a group known as TeamPCP, which is responsible for other recent supply chain compromises.
IFF Assessment
This is bad news for defenders: it shows a successful supply chain attack against a widely used security tool, one that may also have exposed development credentials.
Defender Context
Defenders should be vigilant about the integrity of their software supply chains, especially when relying on open-source tools. This incident underscores the importance of verifying package sources and versions, and of having robust monitoring in place to detect unauthorized changes or additions to development pipelines.
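One way to put "verify package sources and versions" into practice for an npm dependency is to audit the project's package-lock.json against a pinned expectation. The script below is an added example, not code from the article or from Bitwarden; the lockfile contents, the mirror hostname and all integrity hashes are constructed sample data, and the pinned version is a placeholder rather than a real @bitwarden/cli release.

```python
# Added example (not from the article or Bitwarden): audit an npm package-lock.json
# (lockfileVersion 2/3) for source, version and integrity drift on a pinned dependency.
import json

TRUSTED_REGISTRY = "https://registry.npmjs.org/"

# Pinned expectation; version and hash are placeholders, not real @bitwarden/cli values.
PINNED = {
    "node_modules/@bitwarden/cli": {"version": "2025.1.0",
                                    "integrity": "sha512-PLACEHOLDER_PINNED"},
}

# Constructed lockfile: the pinned package moved to a newer version with a new hash,
# and a second package was fetched from outside the public registry.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/@bitwarden/cli": {
            "version": "2025.1.1",
            "resolved": "https://registry.npmjs.org/@bitwarden/cli/-/cli-2025.1.1.tgz",
            "integrity": "sha512-PLACEHOLDER_NEW",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "http://mirror.example.internal/left-pad-1.3.0.tgz",
            "integrity": "sha512-PLACEHOLDER_LEFTPAD",
        },
    },
})


def audit_lockfile(lock_text, pinned, trusted_registry=TRUSTED_REGISTRY):
    """Return (package_path, finding) tuples for every deviation worth a review."""
    findings = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if path == "":  # root project entry, not a dependency
            continue
        resolved = meta.get("resolved", "")
        if not resolved.startswith(trusted_registry):
            findings.append((path, f"resolved outside trusted registry: {resolved}"))
        if "integrity" not in meta:
            findings.append((path, "missing integrity hash"))
        expected = pinned.get(path)
        if expected and meta.get("version") != expected["version"]:
            findings.append((path, f"version drift: {expected['version']} -> {meta.get('version')}"))
        if expected and meta.get("integrity") != expected["integrity"]:
            findings.append((path, "integrity hash differs from pinned value"))
    return findings
```

Run it as a CI step before `npm ci` so that a lockfile change that silently bumps a security-critical dependency, or pulls it from an unexpected host, fails the build for human review.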