The Bitwarden CLI NPM package was compromised in a supply chain attack that installed a loader to fetch and execute a JavaScript payload which systematically harvested credentials and secrets across local systems, CI pipelines, GitHub, and multiple cloud providers. Analysts link the incident to a broader OSS supply chain campaign related to Shai-Hulud and to recent Checkmarx/Trivy compromises, though attribution remains inconclusive. #Bitwarden #ShaiHulud
Key points
- The malicious Bitwarden CLI package (v2026.4.0) altered its execution path to run a loader that downloaded a Bun archive from GitHub.
- The payload included collectors that targeted Azure, AWS, GCP, GitHub, NPM tokens, SSH material, shell history, AI tooling configs, and MCP files.
- Harvested GitHub tokens were abused to create repositories, commit workflows, and download artifacts to extract additional secrets.
- Exfiltration was attempted over HTTPS first and fell back to GitHub-based paths, which increases the chance that the exposed credentials become publicly discoverable.
- Investigations link the attack to the Shai-Hulud ecosystem and to the Checkmarx/Trivy incidents and mention TeamPCP, but operational differences complicate definitive attribution.
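As an added defender-side example (not code from the article or from Bitwarden), the scanner below flags the compromised release named in the report, v2026.4.0, wherever it is pinned in an npm lockfile (v1 nested "dependencies" or v2/v3 "packages") or present as an installed copy under node_modules. It assumes the package's scoped npm name is @bitwarden/cli, which the summary above does not spell out; the sample lockfile is constructed for the example.

```python
"""Flag the compromised Bitwarden CLI release in lockfiles and installed trees."""
import json
import os

# Scoped npm name assumed for the "Bitwarden CLI NPM package"; the version is the
# one the report identifies as compromised.
COMPROMISED_PACKAGE = "@bitwarden/cli"
COMPROMISED_VERSION = "2026.4.0"
_INSTALL_SUFFIX = "node_modules/" + COMPROMISED_PACKAGE


def findings_from_lockfile(lock: dict) -> list:
    """Return install paths in a parsed package-lock.json that pin the bad version.

    npm lockfile v2/v3 keeps a "packages" map keyed by install path; v1 (and v2,
    for compatibility) keeps a nested "dependencies" map keyed by package name.
    Both are checked and results are de-duplicated.
    """
    hits = set()
    for path, meta in lock.get("packages", {}).items():
        if path.endswith(_INSTALL_SUFFIX) and meta.get("version") == COMPROMISED_VERSION:
            hits.add(path)

    def walk_v1(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            here = prefix + "node_modules/" + name
            if name == COMPROMISED_PACKAGE and meta.get("version") == COMPROMISED_VERSION:
                hits.add(here)
            walk_v1(meta.get("dependencies", {}), here + "/")

    walk_v1(lock.get("dependencies", {}), "")
    return sorted(hits)


def is_compromised_manifest(manifest: dict) -> bool:
    """True if an installed package.json describes the compromised release."""
    return (manifest.get("name") == COMPROMISED_PACKAGE
            and manifest.get("version") == COMPROMISED_VERSION)


def scan_tree(root: str) -> list:
    """Walk a directory tree and return (file, detail) pairs for every hit.

    Run this against project checkouts and against the global install root
    (`npm root -g`) to catch a globally installed CLI as well.
    """
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package-lock.json" in filenames:
            lock_path = os.path.join(dirpath, "package-lock.json")
            try:
                with open(lock_path, encoding="utf-8") as f:
                    for hit in findings_from_lockfile(json.load(f)):
                        results.append((lock_path, hit))
            except (OSError, ValueError):
                pass  # unreadable or malformed lockfile: keep scanning
        if "package.json" in filenames and dirpath.replace(os.sep, "/").endswith(_INSTALL_SUFFIX):
            manifest_path = os.path.join(dirpath, "package.json")
            try:
                with open(manifest_path, encoding="utf-8") as f:
                    if is_compromised_manifest(json.load(f)):
                        results.append((manifest_path, "installed " + COMPROMISED_VERSION))
            except (OSError, ValueError):
                pass
    return results


# Constructed sample lockfile (v3 layout) pinning the compromised release.
CONSTRUCTED_LOCKFILE = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "devDependencies": {"@bitwarden/cli": "2026.4.0"}},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0", "dev": True},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, detail in scan_tree(root):
        print(f"{path}: {detail}")
    print("sample lockfile hits:", findings_from_lockfile(CONSTRUCTED_LOCKFILE))
```

A lockfile hit means the build would fetch the compromised release; an installed-copy hit means it may already have executed, so treat any credentials, tokens and CI secrets on that host as exposed and rotate them, in line with the collector targets listed above.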
Read More: https://www.securityweek.com/bitwarden-npm-package-hit-in-supply-chain-attack/