Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,
Tag: credential theft
Clipboard Trap: ClickFix Now Abuses Windows Terminal to Deliver Lumma Stealer
A newly observed wave of ClickFix social-engineering attacks has shifted tactics, hijacking Windows Terminal as its execution environment to deliver credential-stealing malware. Security researchers from Microsoft and other vendors tracked this campaign in early 2026 and reported a reliable pattern: victims are manipulated into pasting an obfuscated command from their clipboard into a legitimate-looking terminal window, which then decodes and