Installing ‘official’ crypto tool turned laptops into launchpads to hijack GitHub accounts

On Apr. 22, a malicious version of Bitwarden's command-line interface appeared on npm under the official package name @bitwarden/cli@2026.4.0. For 93 minutes, anyone who pulled the CLI through npm received a backdoored substitute for the legitimate tool. Bitwarden detected the compromise, removed the package, and issued a statement saying it found no evidence that attackers The post Installing ‘official’ crypto tool turned laptops into launchpads to hijack GitHub accounts appeared first on CryptoSlate.