Darnley's Cyber Café
Embark on a journey with us as we explore the realms of cybersecurity, IT security, business, news, technology, and the interconnected global geopolitical landscape. Tune in, unwind with your preferred cup of java (not script), and engage in thought-provoking discussions that delve into the dynamic evolution of the world around us.
Language: en-ca
Genres: News, Tech News, Technology
Bitwarden CLI Hacked? The Supply Chain Attack That Targeted 250K Developers
Episode 49
Wednesday, 29 April, 2026
On April 22, 2026, the Bitwarden CLI, used in CI/CD pipelines at tens of thousands of organizations, was weaponized for exactly 93 minutes. In this episode, Darnley walks through the anatomy of the supply chain attack that compromised Bitwarden CLI version 2026.4.0: how the threat group exploited a compromised Checkmarx GitHub Action to inject credential-stealing malware into Bitwarden's npm publishing pipeline, what the worm actually stole, how it self-propagated by republishing victims' own npm packages, and why the fact that "no vault data was compromised" misses the point.

Packed with practical technical guidance on pipeline hardening, package pinning, least privilege, and the one npm setting that could have blocked this attack entirely, this episode is essential listening for developers, IT security teams, and anyone responsible for a software supply chain.

Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.





