Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
Digital Trends

Bitwarden review: This open-source password manager unlocks choice

“Why you can trust Digital Trends – We have a 20-year history of testing, reviewing, and rating products, services and apps to help you make a sound buying decision. Find out more about how we test ...