Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,
Tag: supply chain attack
Rockstar’s GTA Data Leak: ShinyHunters Expose 78.6M Records via Anodot–Snowflake Pivot
Rockstar Games confirmed in April 2026 that a third-party compromise led to a substantial exposure of analytics records tied to GTA Online and Red Dead Online. Although player accounts and payment systems were reportedly unaffected, the incident highlights how attackers are increasingly leveraging trusted SaaS integrations and stolen service tokens to pivot into high-value environments. This post unpacks the timeline,
Compromised Trust: CPUID Supply‑Chain Attack Served Trojanized CPU‑Z and HWMonitor Installers
Hackers briefly hijacked a CPUID distribution channel and altered download links on the vendor’s official website so that users seeking the popular CPU‑Z and HWMonitor utilities would instead receive a trojanized installer. The modification redirected downloads to Cloudflare R2 storage and delivered a malicious file masquerading as HWiNFO, exposing millions of users who rely on these tools for hardware diagnostics
LiteLLM Supply Chain Breach — 95M Downloads, Import-Time Backdoor, and What Teams Must Do Now
The Python package ecosystem suffered another high-impact supply chain compromise: LiteLLM — a popular library that routes requests across large language model providers and sees tens of millions of downloads — shipped malicious code in recent PyPI releases. Two versions published on March 24, 2026 (1.82.7 and 1.82.8) contained an import‑time backdoor that escalates into credential harvesting, lateral movement, and