top of page
ALL POSTS
Bitwarden CLI Compromised in Supply Chain Attack Through Checkmarx
Key Findings Bitwarden CLI version 2026.4.0 was compromised through a malicious GitHub Action in the project's CI/CD pipeline, affecting the npm distribution mechanism The attack was part of the ongoing Checkmarx supply chain campaign, likely orchestrated by threat actor TeamPCP Malicious code in bw1.js executed a preinstall hook that stole GitHub tokens, npm credentials, SSH keys, cloud secrets, and shell history Stolen data was exfiltrated to a fake Checkmarx domain (audit.
Apr 243 min read
Hackers Exploit React Native CLI Flaw to Deploy Rust Malware
Key Findings Threat actors have been observed exploiting a critical security flaw, CVE-2025-11953, impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. The vulnerability, also known as "Metro4Shell," allows remote unauthenticated attackers to execute arbitrary operating system commands on the underlying host. VulnCheck, a cybersecurity company, first observed the exploitation of this flaw on December 21, 2025, with a CVSS score of 9
Feb 32 min read
bottom of page
