Cybersecurity

Bitwarden CLI Hijacked in npm Supply Chain Attack Linked to TeamPCP & Checkmarx Breach

46 sec read2 views0 listens

Summary of Bitwarden CLI Compromise and Mitigation

Overview: On April 22, the npm package @bitwarden/cli was compromised with a malicious version (2026.4.0) that was active for approximately 90 minutes. This compromised package could steal credentials and propagate through supply chains.

Immediate Actions for Affected Users

Uninstall Malicious Package:
```
bash
1npm uninstall -g @bitwarden/cli
```

Clean Cache and Disable Scripts:

bash
1npm cache clean --force
2npm config set ignore-scripts true

Search for Artifacts Left by the Malware:

bash
1rg -n "audit.checkmarx.cx|LongLiveTheResistanceAgainstMachines|beautifulcastle" .
2ls -la bun bun.exe bw1.js bw_setup.js 2>/dev/null

Rotate Credentials:
- Revoke all GitHub personal access tokens and re-authenticate.
- Rotate npm publish tokens, especially those used in CI/CD pipelines.
- Audit AWS access keys and SSM Parameter Store

Read the full article at SOCRadar-? Cyber Intelligence Inc.

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

[AINews] The Unreasonable Effectiveness of Closing the Loop

Claude Code Remote Control rollout announced by @claudeai. Qwen 3.5 Medium Model Series released by @Alibaba_Qwen. Cursor agents now ship "demos not diffs" as per @cursor_ai. Karpathy discusses CLIs as agent-native interface on Twitter. Meta and AMD...

Ali Nemati

E-Commerce & RetailFeb 2530 sec read

How IKEA got closer to its shoppers with new small-format stores, Best Buy partnership

IKEA announced plans for four new U.S. stores in 2026, including its first small-format stores that blend elements of larger stores into a smaller space, aiming to increase accessibility; it also launched a partnership with Best Buy to integrate IKEA...

Ali Nemati

GamingFeb 2525 sec read

New Xbox Leadership Confirms No Microsoft Pressure to Increase AI Use

New Xbox leaders Asha Sharma and Matt Booty assure there will be no pressure for developers to use AI, emphasizing a commitment to maintaining high-quality content over technological trends. This stance is significant as it reassures content creators...

Ali Nemati

AI & Machine LearningFeb 2526 sec read

Why do deep technical searches still take hours - and what actually fixes them?

The article discusses the inefficiencies in technical research workflows due to fragmented information retrieval from PDFs and other sources, leading to incomplete understanding and delayed decision-making. It proposes a structured approach involving...

Ali Nemati

AI & Machine LearningFeb 2529 sec read

Why Deep Research Fails Fast (and How to Stop Burning Time)

The article discusses common pitfalls in integrating deep AI research into products, highlighting issues like treating research as a black-box process and over-relying on single models without proper retrieval checks. It emphasizes the importance of ...

Ali Nemati

Bitwarden CLI Hijacked in npm Supply Chain Attack Linked to TeamPCP & Checkmarx Breach

Summary of Bitwarden CLI Compromise and Mitigation

Immediate Actions for Affected Users

Related Articles

[AINews] The Unreasonable Effectiveness of Closing the Loop

How IKEA got closer to its shoppers with new small-format stores, Best Buy partnership

New Xbox Leadership Confirms No Microsoft Pressure to Increase AI Use

Why do deep technical searches still take hours - and what actually fixes them?

Why Deep Research Fails Fast (and How to Stop Burning Time)