Articles tagged cicd on devtake.dev.https://devtake.dev/en-ushttps://devtake.dev/article/bitwarden-cli-shai-hulud-npm-worm/https://devtake.dev/article/bitwarden-cli-shai-hulud-npm-worm/A malicious @bitwarden/cli@2026.4.0 hit npm on April 22. The payload steals npm tokens, cloud secrets, and Claude Code credentials, then self-replicates.Thu, 23 Apr 2026 19:00:00 GMTsecuritybitwardenshai-huludnpmsupply-chainwormcredential-theftcheckmarxcicdluca-reinhardthttps://devtake.dev/article/trivy-supply-chain-attack-compromise/https://devtake.dev/article/trivy-supply-chain-attack-compromise/Attackers force-pushed 75 of 76 trivy-action tags to a malicious commit. Pinning by tag turned a trusted scanner into an infostealer for CI pipelines.Sat, 18 Apr 2026 08:30:00 GMTsecuritysupply-chaintrivyaqua-securitygithub-actionscicddevsecopsteampcpluca-reinhardt