top of page
ALL POSTS
TeamPCP Hijacks Bitwarden CLI, Exploits Dependabot to Distribute Shai-Hulud Malware
Key Findings TeamPCP compromised the widely-used @bitwarden/cli npm package on April 20, 2026, targeting developers who rely on Bitwarden for credential management The attack leveraged Dependabot, GitHub's trusted automation bot, to pull a trojanized Checkmarx KICS Docker image and execute malware with CI privileges Shai-Hulud malware uses GitHub itself as a fallback command and control server when primary infrastructure is blocked, making it unusually resilient The worm inje
Apr 252 min read
Bitwarden CLI Compromised in Supply Chain Attack Through Checkmarx
Key Findings Bitwarden CLI version 2026.4.0 was compromised through a malicious GitHub Action in the project's CI/CD pipeline, affecting the npm distribution mechanism The attack was part of the ongoing Checkmarx supply chain campaign, likely orchestrated by threat actor TeamPCP Malicious code in bw1.js executed a preinstall hook that stole GitHub tokens, npm credentials, SSH keys, cloud secrets, and shell history Stolen data was exfiltrated to a fake Checkmarx domain (audit.
Apr 243 min read
Researchers Expose 27 Critical Vulnerabilities in Top Password Managers
Key Findings Researchers executed 27 successful attacks against industry-leading password managers Bitwarden, LastPass, and Dashlane Attacks show how compromised servers and design flaws can expose encrypted vault data 1Password emerged as the most secure option due to its use of a Secret Key Background We often treat cloud-based password managers as digital safes that only we can open. These services rely on Zero-Knowledge Encryption, a marketing promise that the company sto
Feb 221 min read
bottom of page
