Key Findings

TeamPCP compromised the widely-used @bitwarden/cli npm package on April 20, 2026, targeting developers who rely on Bitwarden for credential management
The attack leveraged Dependabot, GitHub's trusted automation bot, to pull a trojanized Checkmarx KICS Docker image and execute malware with CI privileges
Shai-Hulud malware uses GitHub itself as a fallback command and control server when primary infrastructure is blocked, making it unusually resilient
The worm inje