devtake.dev
AI Open Source Hardware Security Apple Policy

#credential-theft

RSS
Related: #bitwarden · 1 #checkmarx · 1 #cicd · 1 #npm · 1 #shai-hulud · 1 #supply-chain · 1 #worm · 1
Bitwarden CLI compromised by the Shai-Hulud npm worm
Security·

Bitwarden CLI got backdoored for 90 minutes. The worm calls itself 'Shai-Hulud: The Third Coming.'

A malicious @bitwarden/[email protected] hit npm on April 22. The payload steals npm tokens, cloud secrets, and Claude Code credentials, then self-replicates.