MEDIUM Attacks SC Media

Checkmarx supply chain hack impacts Bitwarden CLI

  • What: Checkmarx supply chain hack affected Bitwarden CLI
  • Impact: Malicious package was uploaded to npm, but user data was not compromised

Supply chain, DevSecOps, Threat Intelligence, Identity

April 24, 2026 · By SC Staff

Bitwarden CLI was reported by Socket and JFrog researchers to have been affected by the TeamPCP-linked supply chain intrusion against Checkmarx, according to The Hacker News. The intrusion was already confirmed by Bitwarden, which stressed that its end-user vault data was not compromised. Attackers reportedly leveraged a compromised GitHub Action in the CI/CD pipeline to upload a malicious @bitwarden/cli package to npm; the malicious package has since been removed.

The "Shai-Hulud: The Third Coming" string was discovered by OX Security in the malicious package; it references a supply chain attack campaign from last year. "The latest Shai Hulud incident is just the latest in a long chain of threats targeting developers around the world. User data is being publicly exfiltrated to GitHub, often going undetected because security tools typically don't flag data being sent there," said OX Security's Moshe Siman Tov Bustan.

Bitwarden said a CVE for Bitwarden CLI version 2026.4.0 is being released and has confirmed that no additional affected environments and products have been identified at this time.

Related

  • AI/ML: Anthropic probes alleged third-party breach of Claude Mythos (SC Staff, April 23, 2026). HackRead reports that Anthropic has launched an investigation into the reported compromise of its Claude Mythos AI model by a Discord-linked group that obtained unauthorized access through an external contractor.
  • Supply chain: Checkmarx Docker Hub repository compromised with malicious images (SC Staff, April 23, 2026). The compromised images, including tags like v2.1.20 and alpine, were found to contain a modified KICS binary designed to exfiltrate sensitive data from scan reports to an external endpoint, according to an alert from Socket.
  • Supply chain: Namastex npm packages compromised in 'CanisterWorm' supply chain attack (Laura French, April 23, 2026). A self-propagating script was added to @automagik/genie and @pgserve packages.