Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,
Tag: GitHub Actions
Comment and Control: How GitHub Comments Became a New Prompt-Injection Threat
A new class of prompt-injection attacks—dubbed “Comment and Control”—turns GitHub pull requests, issues, and comments into attack surfaces that can hijack AI coding agents and siphon secrets directly from CI/CD environments. Unlike classic prompt injection that waits for a user to feed a document to an agent, this pattern is proactive: opening a PR or posting an issue can automatically
PowerShell in DevOps Workflows — GitHub Actions & CI/CD
PowerShell’s evolution from a Windows-centric scripting language to a cross-platform automation powerhouse has firmly planted it in the heart of modern DevOps. Nowhere is this transformation more apparent than in the continuous integration and continuous deployment (CI/CD) pipelines that drive reliable software delivery. GitHub Actions, with its ease of workflow automation and native integration with the world’s largest code hosting