Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

April 23, 2026
No Comments

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket.
“The affected package version appears to be @bitwarden/[email protected], and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said.
“The attack appears to have leveraged a

Leave a Reply Cancel reply

Rogue users allegedly access Anthropic’s restricted Claude Mythos model April 23, 2026
Unsanctioned users have allegedly accessed Anthropic’s controversial Claude Mythos Preview AI frontier model although the company has limited the businesses that can use it. The group, who have yet to be named, had apparently made many attempts to access Mythos since it debuted earlier this month. They finally gained access via a third-party vendor. The users who accessed Mythos on the day it was announced are members of a […]
Kirsten Doyle
How integrated GIS is powering the next generation of industrial cyber resilience April 23, 2026
Cyber professionals have spent countless hours reinforcing the systems of myriad industries. Now, some of them are reciprocating, as integrating geographic information systems (GIS) with enterprise IT/OT systems becomes more common. By mapping location-based data against utility infrastructure, these platforms allow teams to analyze real-time variables and harden strategic decision-making. GIS tools add another layer […]
Emily Newton
Vercel confirms April 2026 security incident linked to third-party AI tool April 22, 2026
Cloud development platform Vercel has confirmed a security incident involving unauthorized access to parts of its internal systems, following a breach disclosed in April 2026. In an official security bulletin, the company stated: “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.” Vercel added that it is “actively investigating” the incident, has engaged incident response experts, and notified law enforcement […]
Kirsten Doyle
The 7 Top AI SOC Platforms to Watch in 2026 April 21, 2026
AI SOC platforms have been gaining rapid traction in the industry over the past few years. and will continue to grow in popularity as their usability and time-saving capabilities are demonstrated. These AI-driven, often agentic SOC platforms sit at the intersection of autonomy and human oversight, doing the heavy work on alert investigations so SOCs can spend their […]
Katrina Thompson
The Real Cyber Awards and Conference opens for entries April 20, 2026
Entries have opened for the Real Cyber Awards 2026 and Conference, a UK-based cybersecurity event designed to recognise the organisations and individuals working to keep businesses secure. Positioned as a platform to highlight “the real work happening in cybersecurity today,” the awards are free to enter, with shortlisted nominees receiving two complimentary tickets to attend […]
Kirsten Doyle
Pro-Russian threat actors target Swedish heat and power plant in failed cyberattack April 20, 2026
In 2025, pro-Russian threat actors attempted to disrupt a Combined Heat and Power (CHP) facility in western Sweden. A failed attack on dual-purpose critical infrastructure serving both electricity generation and district heating networks. The Minister for Civil Defence of Sweden, Carl-Oskar Bohlin, revealed in a news conference that the cyber-attack had been conducted in the spring of 2025 and the perpetrators […]
Kirsten Doyle
Security trends today: AI escalation, identity exposure, and the operationalization of Zero Trust April 16, 2026
Security conversations are no longer centered on whether attacks will increase; instead, they are focused on evolving threats, how convincingly threat actors impersonate trust, and how prepared organizations are to detect what they have never seen before. Because cybercriminals use the same technologies enterprises are racing to adopt, AI is not just reshaping business workflows. […]
Joseph Campbell
OpenAI expands cybersecurity program with GPT-5.4-Cyber model April 16, 2026
OpenAI will be expanding its cybersecurity efforts by increasing the number of verified defenders served by its Trusted Access for Cyber (TAC) program into the thousands, with hundreds more security teams to follow. This move aims to address the challenge of defenders and attackers increasingly using AI, accelerating the pace and complexity of cyber threats. At the […]
Kirsten Doyle
When PUPs bite: Huntress uncovers “weaponised” adware exposing 25,000+ systems April 16, 2026
Cybersecurity provider Huntress has identified a major security threat. What appeared to be an unassuming potentially unwanted program (PUP) has transformed into a threat that can disable antivirus systems and put thousands of endpoints at risk. As mentioned in a recent blog, the cyberattack involves the signing of an application via Dragon Boss Solutions, which researchers term adware. The software uses […]
Kirsten Doyle
Why the cybersecurity skills gap is partly self-inflicted April 7, 2026
The cybersecurity skills gap is usually framed as a hiring problem. Organizations respond by expanding recruitment pipelines, investing in certifications, and launching internal training programs. The logic seems simple: if security teams are understaffed, the solution is to add more talent. There is some truth to that. Skilled cybersecurity professionals are indeed scarce globally. The […]
Apu Pavithran

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Leave a Reply Cancel reply

[email protected]

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Share :

Leave a Reply Cancel reply