Bitwarden Confirms Compromise—Here Are The Facts

Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
TechRepublic

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package Your email has been sent We talked to Proofpoint researchers about this new malware threat and how it ...
Dark Reading

Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool

A novel info-stealing malware variant is lurking behind fake installation packages of the open source password manager Bitwarden, in an elaborate scheme exclusively targeting Windows users. The attack ...
Bleeping Computer

Fake Bitwarden sites push new ZenRAT password-stealing malware

Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. The malware is ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Checkmarx-style supply chain attack hits password manager Bitwarden

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...