Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Summary
Socket Research Team reports a compromise of Bitwarden CLI 2026.4.0 as part of the Checkmarx supply chain campaign, introduced via a compromised GitHub Action in Bitwarden’s CI/CD pipeline. The article provides technical analysis, IOCs, and actionable remediation steps, noting the incident affects only the npm package for the CLI and that the investigation is ongoing.