惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Forbes - Consumer Tech

This Unhackable Quantum Navigation System Is The Size Of A Loaf Of Bread Apple At 50 — A Leadership Shift And An AR Future We Are Under-Investing In Robotics ... 90% Of Humanoid Robots Are Made In China Ditch The Apple White: Beats Expands Colorful Cable Line-Up With New 10-Foot Option Satechi’s New ChargeView 140W Desktop GaN Charger With Real-Time Display The Hasselblad In Your Pocket: Oppo’s Find X9 Ultra Challenges The Galaxy S26 Ultra There's No Such Thing As Brain Honey How AI Agents Could Rebuild Fashion’s Visual Production Layer QClaw Goes Global. The Agent Built Itself In 5 Days Apple’s Tim Cook Exit Hides A $4 Trillion Agentic AI Power Move EZQuest Reveals A New Line Of Pro Series USB-C Hubs For MacBook Neo Samsung Galaxy Z TriFold 2 Already In The Works, Report Claims Apple Revealed New Siri Release Date For iPhone, Latest Report Claims How Arcani’s HARK Is Designed For Modern Battlefield Acoustics The Newest Trend In Tech Embraces Femininity And Fun Samsung’s 75R95H Ushers In A New World Of LCD TVs New Apple iPhone Fold Design Pushes Smartphone Rivals To Go Wider And Taller iPhone 18 Pro Report: Four New Colors Leak As Apple Cancels Popular Shade Nothing’s Design-Led Strategy: Carl Pei Reveals The Tech Brand’s Philosophy iOS 26.5 Release Date: When To Expect Your iPhone Messaging Upgrade Google Pixel And Highsnobiety Build A Talent Pipeline For Fashion Android Circuit: Samsung Raises Galaxy Prices, Oppo Pad Mini Teased, Microsoft Closing Outlook App Apple Loop: iPhone Fold Launch Dates, iPad Air Upgrade, iPhone 18 Pro Specs Comcast $117.5 Million Breach Settlement — Are You Eligible? Amazfit Cheetah 2 Pro Takes Aim At The Garmin Audience Disney’s Launches ‘Infinity Vision’ Certification For Premium Theaters SoundPeats Reveals New Air6 HS Semi-Open Wireless Earbuds Amazon’s $11.57 Billion Leap Into Space: A Challenge To Starlink Meta Quest 3 Hit With $100 Price Increase Backblaze Stops Backing Up Dropbox And Others—Calls It An Improvement ‘Technically Hard To Do’: Why Samsung’s Galaxy S26 Ultra Privacy Display Is A Global First Ulanzi Launches D200X Creative Deck To Challenge Logitech And Elgato Plugable’s New 10-In-1 USB-C Hub Has Most Of The Ports You’ll Need AI Solved A Mathematical Problem That Had Stumped The World’s Best Minds For Decades RØDE Announces A Slew Of New Podcasting Innovations At NAB 2026 Samsung SmartThings Gets Smarter, Safer And More Personal Apple Announces Events In Run-Up To TCS London Marathon Apple Now Largest Smartphone Maker. Also, Samsung Now Largest Universal Announces 8-Movie ‘Steven Spielberg: The Spotlight Collection’ 4K Blu-Ray Boxset Denon Unveils Versatile New Living Room AV Receiver Google Android PIN Hackers Target 800 Apps During Attack Surge Canva AI 2.0 Launches With New Features And Conversational AI Govee’s New $450 Lightwall Brings RGBIC Effects Indoors And Out New Garmin Watch Is One Of The Most Expensive Yet The One Catch To Samsung’s New AirDrop-Style Sharing On Galaxy S26 World-First: Humanoid Robot On Live Industrial-Scale Electronics Production Line Cadence Teams With Nvidia And Google To Redefine AI System Engineering Dolby Files Lawsuit Against Barco Over HDR Patents Apple To Bring Major Upgrade To iPad Air In Months, Report Claims iPhone Setting Update—Stop FBI From Accessing Deleted Signal Messages GoPro Mission 1 Levels Up Action Cameras But One Mystery Remains Adobe Brings Chat To Firefly AI Assistant Across Creative Cloud Apps Sky Eyes Up Ring With Standalone Smart Home Launch Orico’s New X50 Thunderbolt 5 Compatible Enclosure Offers High-Speed Fanless Storage How 2,000 Tons Of Sand Stores 100 Megawatt-Hours And Slashes Carbon Emissions 70% iPhone’s Hidden Strength In The Rush To Wide Foldable Smartphones New Samsung Galaxy Price Shock Is Bad News For 2026 Buyers Can The Power Of AI Help You To Chat With Your Cat? Inside China’s Push To Build Birdlike Drones Sky Glass Air All-In-One Budget TV With Seamless Access To Sky Channels Booking.com Confirms Data Breach, Reservation PIN Codes Changed Google, DressX And The New Fashion AI Virtual Try-On Stack Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Humanoid Robots’ 88% Fail Rate: Completing Home Tasks Why Your Next Smartphone Could Have Lower Specs And A Higher Price Apple iPhone Fold: Striking Design Revealed In Leaked Photos Here’s The Most Affordable Humanoid Robot You Can Buy Now Samsung’s Disappointing Price Update For Galaxy Phone Buyers Is It Time For Apple To Forget About The MacBook Air Oura Has Designed A Solution To A Big Smart Ring Problem Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues The Costly Dream Of Space-Based AI Infrastructure Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update New Google Security Warning For Android 14, 15 And 16 Users—Update Now Fosi Launches CD Player With Built-In DAC And Headphone Amplifier The Shift From Place To Performance In Workplace Design Dyson Just Launched A $99 Gadget: Meet The HushJet Mini Cool Fan Apple iOS 26.4.1 Unexpected New iPhone Software: Should You Upgrade? LG Announces All U.K. And Some U.S. Pricing For Its 2026 TV Range Google Brings New 2FA Bypass Protection To Chrome For Windows Users iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix SiFive's $400M Round Signals A RISC-V Moment In AI Data Centers Google Issues Critical Update Alert For 3.5 Billion Chrome Users Apple Vision Pro Gets A Major Gaming Upgrade Disney Announces ‘Alice In Wonderland’ 4K Blu-Ray, Featuring An All-New 4K Restoration Surprise Galaxy S27 Leak Gives Samsung New Options Aqara Thermostat Hub W200: Matter Controller With Smart Heating Skills Now On Sale AI Transformation: No-One’s At The Wheel, Says 500-Company Study Insta360 Launches Screen For Taking Selfies With A Phone’s Rear Camera Apple iPhone Fold Gets New Release And Screen Confirmation Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned Artemis II Just Dropped Stunning Wallpapers For Your Phone Or PC New Amazon Hack Attack—Alert For 300 Million Users Apple’s 2026 Shake-Up: iPhone 18 Pro Leaks While iPhone Fold Steals The Show
Bitwarden Confirms Compromise—Here Are The Facts
Davey Winder · 2026-04-24 · via Forbes - Consumer Tech
The word 'password' is displayed in red against green binary code.

Password manager company Bitwarden confirms NPM package compromise.

getty

The advice has been clear from security experts for the longest time: use a password manager. And that advice still stands, despite the news that one of the leaders in the market, Bitwarden, has confirmed a serious security incident that led to a compromised product being released for a short period of time. If installed, the malicious Bitwarden CLI Node Package Manager product included a credential-stealing payload. Bitwarden is the latest in a line of npm package supply chain compromises, but for the vast majority of Bitwarden password manager users, the sky has not fallen, and there is no need for panic.

ForbesGoogle Android PIN Hackers Target 800 Apps During Attack SurgeBy Davey Winder

The Truth About The Bitwarden Attack

Despite the, perhaps inevitable, manic response on social media platforms to the news that Bitwarden had confirmed a security incident, the actual facts of the matter are that, while obviously very serious, this is not the end of the password manager, and the vast majority of users do not need to actually do anything in response. This is, in no way, downplaying the impact that any security incident has on the trust of its users when password managers are concerned. However,while this is not another phishing attack targeting password manager users, it is far worse than that, it is important not to get carried away and to focus on the facts.

Firstly, this incident affected only users of the Bitwarden CLI product, not the password manager app itself. This is the command-line interface, the terminal version of Bitwarden. Already, the number of users has dropped very dramatically from the estimated 10 million who use the main product. While I was unable to gather any official statistics, Bitwarden CLI npm package has around 250,000 downloads monthly, according to an OX Security analysis.

That’s still a considerable number, so let’s introduce fact number two: Bitwarden has confirmed in a statement that it had “identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident.” To put that into further context, according to a moderator of the Bitwarden community forum, “it seems that only 334 Bitwarden users downloaded the malicious version of the CLI,” during the time it was available.

MORE FOR YOU

ForbesDangerous Fake Microsoft Windows Update Confirmed—Do Not DownloadBy Davey Winder

A Bitwarden spokesperson said: “The investigation found no evidence that end-user vault data was accessed or at risk, or that production data or production systems were compromised. Once the issue was detected, compromised access was revoked, the malicious npm release was deprecated, and remediation steps were initiated immediately. The issue affected the npm distribution mechanism for the CLI during that limited window, not the integrity of the legitimate Bitwarden CLI codebase or stored vault data.”

If you were not among the few hundred to have downloaded the package, then you can relax, your passwords are safe. If you did, however, then Bitwarden recommends you uninstall Bitwarden CLI 2026.4.0 via npm, clear the npm cache, disable npm install scripts during cleanup as a precaution, rotate any secrets that may have been exposed on the affected system or stored in environment variables including API tokens and SSH keys, and finally install Bitwarden CLI 2026.4.1