78 points | submitted 1 week ago* (last edited 1 week ago) by Fedpie@sopuli.xyz to c/privacy@lemmy.ml
[-] trevor@lemmy.blahaj.zone 34 points 1 week ago

Checkmarx itself is associated with Israeli Occupation Forces, so it shouldn't be used by anyone in the first place.

[-] iByteABit@lemmy.ml 10 points 1 week ago

Can npm just disable the post install script feature at this point jfc, or put a ton of hurdles to jump over in order to use it just to make sure that this is always 100% meant to be there
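
A defender-side illustration of the point above, added here and not part of the thread or of npm itself: a small Python script that walks a project's node_modules and lists every package declaring an install-time lifecycle script (preinstall, install, postinstall), so a reviewer can see which dependencies get code execution during `npm install`. The sample package tree it builds lives in a temporary directory and its package names and commands are constructed for the example.

```python
"""Audit an npm dependency tree for scripts that run at install time.

Added example, not code from the thread. It reads each package.json under
node_modules and reports preinstall/install/postinstall hooks. The sample
tree below is constructed in a temp directory; names and commands are made up.
"""
import json
import tempfile
from pathlib import Path

# npm runs these three hooks automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def find_install_scripts(root):
    """Return a sorted list of (package_name, version, hook, command) for every
    package.json under root/node_modules that declares an install-time hook.
    Nested node_modules directories are included, since they are real packages."""
    findings = []
    modules_dir = Path(root) / "node_modules"
    for pkg_json in modules_dir.rglob("package.json"):
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, not a finding
        scripts = data.get("scripts") or {}
        if not isinstance(scripts, dict):
            continue
        # Fall back to the directory path when a manifest has no "name" field.
        name = data.get("name") or str(pkg_json.parent.relative_to(modules_dir))
        version = data.get("version", "?")
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((name, version, hook, scripts[hook]))
    return sorted(findings)


def build_sample_tree():
    """Create a tiny node_modules tree (constructed sample data, not a real
    dependency set): one package with only a test script and one that declares
    a postinstall hook. Returns the project root."""
    root = tempfile.mkdtemp(prefix="npm-audit-")
    manifests = {
        "clean-lib": {"name": "clean-lib", "version": "1.0.0",
                      "scripts": {"test": "node test.js"}},
        "hooked-lib": {"name": "hooked-lib", "version": "2.3.4",
                       "scripts": {"postinstall": "node setup.js"}},
    }
    for dirname, manifest in manifests.items():
        pkg_dir = Path(root) / "node_modules" / dirname
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


def report(root):
    """Print one line per install-time hook found and return the count."""
    findings = find_install_scripts(root)
    for name, version, hook, command in findings:
        print(f"{name}@{version}: {hook} -> {command}")
    return len(findings)


if __name__ == "__main__":
    sample_root = build_sample_tree()
    count = report(sample_root)
    print(f"{count} install-time script(s) found under {sample_root}")
```

The hooks this script lists are the ones `npm install --ignore-scripts`, or `ignore-scripts=true` in a project `.npmrc`, stops from running. The caveat is that some packages (typically ones building native add-ons) rely on an install script and will not work with scripts disabled, so the practical use of an audit like this is to review the short list it produces rather than to assume every hit is malicious.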

[-] RiQuY@lemmy.zip 9 points 1 week ago* (last edited 1 week ago)

Did you share a link to the source? When I click on it, it behaves like a picture.

[-] Luminous5481@anarchist.nexus 14 points 1 week ago

that's because it is a picture. they didn't link a source.

[-] sem@piefed.blahaj.zone 6 points 1 week ago
[-] Deer_Tito@lemmygrad.ml 6 points 1 week ago

So it only affected users of the CLI (Command Line Interface) for a short period of time, which means the vast majority of users are still safe.

According to a moderator of the Bitwarden community forum, “it seems that only 334 Bitwarden users downloaded the malicious version of the CLI” during the time it was available.

[-] quack@lemmy.zip 5 points 1 week ago

Like most supply chain attacks, it’s targeting developers and other people who use tooling like this rather than Bob and Alice on the street.

[-] floofloof@lemmy.ca 5 points 1 week ago* (last edited 1 week ago)

Same here, using the default web interface, but this bug seems to happen sometimes on Lemmy: half the people see a link and the other half just an image. OP probably did post a link.

[-] Fedpie@sopuli.xyz 3 points 1 week ago* (last edited 1 week ago)

I posted a link and uploaded a picture. But it looks like it changed the link to the link of the picture. I have changed it now.

[-] RustyNova@lemmy.world 6 points 1 week ago

Damn.

I'll stick with my keepass + syncthing combo

[-] superglue@lemmy.dbzer0.com 20 points 1 week ago

This was a supply chain attack, everything is vulnerable to this type of attack.

[-] atrielienz@lemmy.world 8 points 1 week ago* (last edited 1 week ago)

For a small window of time if you downloaded an update it had malware. It also looks like a lot of those downloads were bot downloads. There is no evidence that vaults have been compromised.

In a post on X, JFrog said the rogue version of the package "steals GitHub/npm tokens, .ssh, .env, shell history, GitHub Actions and cloud secrets, then exfiltrates the data to private domains and as GitHub commits."

[-] RustyNova@lemmy.world -2 points 1 week ago

Of what app? Keepass? Was from the Debian repos. Syncthing was from the Syncthing repos.

[-] atrielienz@lemmy.world 7 points 1 week ago
[-] umbrella@lemmy.ml 1 points 1 week ago* (last edited 1 week ago)

this is why i'm so wary of switching to password managers despite them being so practical.

this post was submitted on 24 Apr 2026