Bitwarden Statement on Checkmarx Supply Chain Incident
community.bitwarden.com
The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/[email protected] between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. The investigation found no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised. Once the issue was detected, compromised access was revoked, the malicious ...
  • theunknownmuncher@lemmy.worldEnglish
    11·
    24 hours ago

    NPM yet again because it was one of the examples I used that you failed to address

    I clearly acknowleged that both package managers and the windows method are vulnerable to supply chain attacks.

    I’m pretty sure I noted your demonstated lack of reading comprehension, not ignorance. Doesn’t seem to have improved in the last 2 weeks.

    Hopefully manufacturing irrelevant scenarios works out for you in your career.

    That’s ironic.

    • Cypher@aussie.zoneEnglish
      1·
      23 hours ago

      If you can’t comprehend how site impersonation and search result manipulation aren’t relevant to the actual software vendor getting popped then you have zero comprehension of an actual kill chain.

      But sure a package manager is totally safer because you made up an irrelevant scenario!

      Nice you went back and checked with how little you cared lol