my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #bitwarden

Administrative Betrayal: The Bitwarden CLI Supply Chain Hijack

John Z Black Apr 27, 2026

Threat Intelligence #supply-chain #npm #bitwarden #developer-security #malware

A malicious npm package impersonating the Bitwarden CLI installed its own runtime to steal secrets. When security tools are the attack vector, the whole CI/CD pipeline becomes a weapon.

Read More