Longtime Slashdot reader Himmy32 writes: Socket Security published an article on the compromise of the Bitwarden CLI client, which was pushed from Bitwarden's client repository. This breach was the next in a chain of supply-chain attacks that have affected Checkmarx KICS and Aqua Security's Trivy scanners.
The breach was quickly detected and reported by JFrog on the GitHub repository; JFrog also provided a technical write-up. The Bitwarden team has released statements on a blog post indicating that the compromise did not affect vault or customer data. Only 334 downloads of the affected CLI client were downloaded before removal and remediation.