Signal

Bitwarden CLI compromised in supply chain attack linked to TeamPCP

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-23 19:21 UTCUpdated 2026-04-24 15:34 UTC

rss

cveexploitsmalwarethreat_actorssecurity_toolingincident_response

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (5)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Checkmarx supply chain hack impacts Bitwarden CLI

SC Media · News · scworld.com · 2026-04-24 15:34 UTC

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Infosecurity Magazine · News · infosecurity-magazine.com · 2026-04-24 08:10 UTC

Bitwarden NPM Package Hit in Supply Chain Attack

SecurityWeek · News · securityweek.com · 2026-04-24 08:07 UTC

Bitwarden CLI password manager trojanized in supply chain attack

CSO Online · News · csoonline.com · 2026-04-23 23:09 UTC

View all evidence

Overview

A malicious version of Bitwarden CLI was briefly published on npm following a supply chain attack linked to the threat group TeamPCP and the Checkmarx hack.

Score total

1.5

Momentum 24h

5

Posts

5

Origins

5

Source types

1

Duplicate ratio

0%

Why now

The attack occurred recently and was swiftly mitigated, underscoring the importance of timely threat detection.
It is linked to a broader campaign involving the Checkmarx supply chain breach, indicating coordinated threat activity.
Developers and organizations must remain vigilant against supply chain compromises in software dependencies.

Why it matters

Supply chain attacks on popular open-source tools risk widespread credential theft and malware spread.
Quick detection and remediation are critical to prevent compromise of sensitive user data and developer environments.
This incident highlights the ongoing threat posed by sophisticated groups like TeamPCP targeting CI/CD pipelines.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Bitwarden CLI npm package was compromised in a supply chain attack linked to TeamPCP and Checkmarx breach
The malicious Bitwarden CLI version contained credential-stealing malware capable of worm-like propagation
The malicious package was detected and removed within 1.5 hours with no evidence of user data compromise

How sources frame it

CSO Online: neutral

All evidence

All evidence

Checkmarx supply chain hack impacts Bitwarden CLI

SC Media · scworld.com · 2026-04-24 15:34 UTC

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Infosecurity Magazine · infosecurity-magazine.com · 2026-04-24 08:10 UTC

Bitwarden NPM Package Hit in Supply Chain Attack

SecurityWeek · securityweek.com · 2026-04-24 08:07 UTC

Bitwarden CLI password manager trojanized in supply chain attack

CSO Online · csoonline.com · 2026-04-23 23:09 UTC

Bitwarden CLI npm package compromised to steal developer credentials

BleepingComputer · bleepingcomputer.com · 2026-04-23 19:21 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 5 / 0

Top publishers (this list)

SC Media (1)
Infosecurity Magazine (1)
SecurityWeek (1)
CSO Online (1)
BleepingComputer (1)

Top origin domains (this list)

scworld.com (1)
infosecurity-magazine.com (1)
securityweek.com (1)
csoonline.com (1)
bleepingcomputer.com (1)