Lead Story | Critical — Active Supply Chain Exploitation | Developers · Cloud+DevOps |
|
Bitwarden CLI Hit in 93-Minute Supply Chain Window — AI Coding Tool Configs Among the Stolen Secrets
The malicious package was live for 93 minutes. It targeted GitHub tokens, SSH keys, and environment variables — and the credential files for Claude, Cursor, and Codex CLI.
On April 22, attackers compromised Bitwarden CLI version @bitwarden/[email protected] by poisoning a GitHub Action in Bitwarden’s CI/CD pipeline — part of the broader Checkmarx supply chain campaign. The package was live from 5:57 to 7:30 PM ET, approximately 93 minutes, with 334 downloads recorded. The preinstall hook embedded in bw1.js harvested GitHub and npm tokens, SSH keys, environment variables, shell history, GitHub Actions secrets, and cloud credentials, exfiltrating via AES-256-GCM encryption to audit.checkmarx[.]cx.
The scope extended to AI coding tool configurations — Claude, Cursor, Codex CLI, and Aider. Any developer who installed 2026.4.0 in that window and has authenticated those tools against repositories, cloud accounts, or internal APIs should treat those credentials as compromised. Uninstall the package, clear the npm cache, rotate every exposed secret, and install 2026.4.1. Review GitHub audit logs for unexpected Actions runs in any repository where the CLI was present during the window.
→ Key Takeaway If you installed @bitwarden/ [email protected] between 5:57 and 7:30 PM ET on April 22: rotate all GitHub tokens, npm credentials, SSH keys, environment variables, and AI coding tool credentials immediately, then install 2026.4.1. If your CI/CD pipelines install dependencies without pinning exact versions, this is a posture event — not just a patch. |
Quick Hits
| 01 |
CrowdStrike LogScale CVE-2026-40050 — CVSS 9.8 Unauthenticated Path Traversal. Patch Your SIEM.
CVE-2026-40050 (CVSS 9.8) allows an unauthenticated remote attacker to traverse the LogScale server’s directory structure and read arbitrary files without credentials via an exposed cluster API endpoint. Affected versions: self-hosted GA 1.224.0–1.234.0 and LTS 1.228.0–1.228.1; SaaS and Next-Gen SIEM customers are already protected. Update to 1.235.1, 1.234.1, 1.233.1, or 1.228.2 LTS — no active exploitation confirmed, but a SIEM that leaks its own filesystem is worth patching today. CSNews →
| High — Patch Available | Enterprise · Cloud+DevOps |
|
CVE Watch
|
CVE Watch
CVE-2025-62373 — Pipecat AI Voice Agent Framework: CVSS 9.8 RCE via Pickle Deserialization, No Auth Required
Pipecat — an open-source Python framework widely used to build real-time voice and multimodal AI agents — carries a CVSS 9.8 RCE vulnerability via insecure pickle deserialization in its LivekitFrameSerializer class. An unauthenticated attacker with WebSocket access can send a malicious pickle payload to execute arbitrary Python code on the server; no privileges or user interaction required. The patched version is 0.0.94, which removes the unsafe deserialization path; if you use LiveKit integration, migrate to LiveKitTransport. Any production AI agent infrastructure running pipecat-ai versions 0.0.41–0.0.93 is exposed.
| Vendor: Daily.co (Pipecat) · CVE: CVE-2025-62373 · CVSS: 9.8 Critical · Affected: pipecat-ai 0.0.41–0.0.93 · Fix: Upgrade to 0.0.94 · Exploitation: No confirmed wild exploitation |
|
Compliance Tip of the Day
|
NIST CSF 2.0 — PR.AA-03 — Protect: Identity Management, Authentication & Access Control
Authenticate Your Pipelines Like You Authenticate Your People
The Bitwarden CLI attack succeeded because a compromised GitHub Action had enough trust to run inside Bitwarden’s CI/CD pipeline unchallenged. NIST PR.AA-03 requires that users, services, and hardware are authenticated commensurate with risk — and a GitHub Actions workflow installing packages into a production toolchain carries high risk. Concrete action (PR.AA-03): Audit every GitHub Actions workflow in your repositories and pin all referenced actions to their SHA-256 commit hash (e.g., uses: actions/checkout@abc1234 rather than @v4). Unpinned actions and unpinned package installs are the surface the Checkmarx campaign is exploiting across every affected repository. nist.gov/cyberframework →
|
|
HARDENED | This newsletter does not constitute professional security advice. Security configurations and threat landscapes vary by organization. Consult a qualified security professional for implementation guidance specific to your environment. How we work: HARDENED uses AI agents for research, drafting, and automation. Every issue is reviewed by humans before publication. If you spot an error, reply directly — we correct the record promptly. Sources: The Hacker News (“Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign”), thehackernews.com · Bitwarden Community Forums (Bitwarden statement on Checkmarx supply chain incident), community.bitwarden.com · Socket.dev (“Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign”), socket.dev · Endor Labs (“Inside the Bitwarden CLI Supply Chain Attack”), endorlabs.com · CyberSecurityNews (“CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files”), cybersecuritynews.com · NVD CVE-2026-40050, nvd.nist.gov · CVEReports (CVE-2025-62373 Pipecat RCE), cvereports.com · SentinelOne Vulnerability Database (CVE-2025-62373), sentinelone.com · NIST CSF 2.0 (PR.AA-03), nist.gov/cyberframework |
|
