
Bitwarden CLI Compromised in Broader Checkmarx Supply Chain Campaign

Executive Summary

Security researchers from Socket have discovered that version 2026.4.0 of Bitwarden CLI has been compromised through a poisoned GitHub Actions workflow. This incident is part of the broader Checkmarx supply chain campaign and specifically impacts the npm distribution used by developers and automated build environments. The malicious payload executes credential-harvesting routines targeting cloud service providers, SSH...