The Bitwarden CLI NPM package was compromised in a supply chain attack delivering a malicious JavaScript payload designed to steal credentials and secrets from victim environments. The malware alters execution paths to run a loader that downloads and executes a Bun archive payload. This payload targets secrets across Azure, AWS, GitHub, GCP, NPM, SSH keys, shell history, AI tooling configurations, and MCP-related files. It weaponizes stolen GitHub tokens to create repositories, branches, and workflows in victims' GitHub accounts to extract additional secrets. Data exfiltration occurs over HTTPS or via GitHub repositories if HTTPS fails. The attack is connected to a recent Checkmarx supply chain compromise and shares malware characteristics with campaigns linked to TeamPCP and the Shai-Hulud worm. Bitwarden's investigation found no evidence of compromise to user vault data or production systems.

The attack enables extensive credential and secret theft from developer environments and cloud accounts, potentially exposing sensitive tokens, keys, and configuration data. The malware's ability to pivot across multiple secret stores and abuse GitHub Actions increases the risk of widespread credential exposure. However, Bitwarden confirmed that end user vault data and production systems were not accessed or compromised. There are no confirmed exploits in the wild beyond the supply chain compromise itself.

Bitwarden has confirmed the supply chain compromise and is investigating the incident. Users should verify the integrity of the Bitwarden CLI NPM package and avoid using the compromised version 2026.4.0. Immediate rotation of secrets and credentials potentially exposed by the malware is recommended, especially for GitHub tokens and cloud service credentials. Monitor for unauthorized GitHub repositories or workflows created in your accounts. Follow vendor advisories for updates and patches. Patch status is not yet confirmed—check Bitwarden and related vendor advisories for current remediation guidance.