CRITICAL · 9.0 · confirmed
Bitwarden CLI Supply Chain Compromise (2026)
A malicious build of @bitwarden/cli was published to the public npm registry for roughly 90 minutes, exfiltrating cloud tokens, SSH keys, and AI tooling credentials from CI runners and developer machines.
Vector / npm supply chain · Platform / npm, GitHub, Bitwarden, +3 · Length / 6 min