Bitwarden
-
Bitwarden CLI hit by npm supply chain compromise in Checkmarx-linked campaign
Bitwarden said its CLI package was briefly compromised on npm on April 22, 2026, in a supply chain attack that targeted developer secrets and CI/CD credentials through version 2026.4.0.
-
Study finds cloud password managers vulnerable to server-side recovery attacks
A technical analysis by ETH Zurich and Universit della Svizzera italiana found that Bitwarden, LastPass, and Dashlane are vulnerable to server-side password recovery attacks, with researchers detailing multiple attack types and vendor mitigations.
-
Phishing campaign lures LastPass and Bitwarden users to install remote-access tools
A phishing campaign impersonating LastPass and Bitwarden is distributing a binary that installs the Syncro RMM agent and deploys ScreenConnect for remote access, researchers reported; LastPass says it was not breached and users are advised to ignore unsolicited alerts and verify notices on official channels.
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions, capable of stealing credentials, 2FA codes, and more with a single click on a malicious page; Bitwarden has issued a fix, and others are in progress, with guidance to disable auto-fill until patches are deployed.
