
Changelog Master Feed Bitwarden CLI compromised (Changelog News #185)
Apr 29, 2026

Nicky Pike, a Coder.com representative who helps teams run secure cloud development environments, describes standardized developer workspaces. The conversation highlights supply-chain risks like the Bitwarden CLI compromise. It pivots to tooling shifts: TypeScript 7.0’s fast Go-based compiler, Ubuntu 26.04 LTS security choices, Spinel AOT for Ruby, and maintainer departures affecting Postgres tooling.
Respond Immediately If You Ran The Bitwarden CLI
- Treat a compromised CLI as an incident response, not a normal patch cycle.
- If you ran bw on developer machines or CI recently, Adam urges immediate incident response because the malicious build scraped sensitive files via a spoofed audit endpoint.
CLI Tools Are A Prime Supply-Chain Target
- Command-line tools are high-risk because they sit next to secrets and can exfiltrate tokens and keys.
- Adam Stacoviak describes the compromised Bitwarden CLI scraping GitHub tokens, cloud creds, npm config, SSH keys, shell profiles, and cloud config files.
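An added example, not code from the episode or from Bitwarden: a triage script for the response the snips call for. It lists which of the secret categories the episode says the malicious build scraped are present on a host, so those credentials can be rotated first, and names (without printing values) exported variables in shell profiles that look like secrets. The file paths are assumed conventional locations for each category, not taken from the episode.

```shell
#!/bin/sh
# Triage helper (added example): inventory secret material a compromised CLI
# running as this user could have read. Paths below are assumed defaults.

# Usage: list_exposed_secrets [home_dir]
# Prints "category<TAB>path" for each location that exists.
list_exposed_secrets() {
  home="${1:-$HOME}"
  # category|path pairs, one per secret type named in the episode
  set -- \
    "github-token|$home/.config/gh/hosts.yml" \
    "npm-config|$home/.npmrc" \
    "ssh-key|$home/.ssh/id_rsa" \
    "ssh-key|$home/.ssh/id_ed25519" \
    "cloud-cred|$home/.aws/credentials" \
    "cloud-config|$home/.aws/config" \
    "cloud-cred|$home/.config/gcloud/application_default_credentials.json" \
    "cloud-config|$home/.azure" \
    "shell-profile|$home/.bashrc" \
    "shell-profile|$home/.zshrc" \
    "shell-profile|$home/.profile"
  for entry in "$@"; do
    category="${entry%%|*}"
    path="${entry#*|}"
    [ -e "$path" ] && printf '%s\t%s\n' "$category" "$path"
  done
  return 0
}

# Number of exposed locations found; a quick rotation-priority score.
count_exposed_secrets() {
  list_exposed_secrets "$1" | wc -l | tr -d ' '
}

# Names only (never values) of exported variables in shell profiles whose
# names suggest a credential, so they can be revoked and rotated too.
profile_secret_vars() {
  home="${1:-$HOME}"
  for f in "$home/.bashrc" "$home/.zshrc" "$home/.profile"; do
    [ -f "$f" ] || continue
    grep -E '^[[:space:]]*export[[:space:]]+[A-Za-z_][A-Za-z0-9_]*(TOKEN|KEY|SECRET|PASSWORD)[A-Za-z0-9_]*=' "$f" \
      | sed -E 's/^[[:space:]]*export[[:space:]]+([A-Za-z0-9_]+)=.*/\1/'
  done
  return 0
}
```

Run `list_exposed_secrets` on each developer machine and CI runner that executed the CLI; every reported path is a credential to revoke, not just a file to delete.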
Compromise Followed A Known GitHub Action Vector
- The Bitwarden compromise reused a broader GitHub Actions vector tied to the Checkmarx-themed campaign.
- Adam notes Socket traced the malicious release to the same supply-chain GitHub Action vector used in other recent attacks.