Multiple Security Incidents: Bitwarden CLI Supply Chain Attack, GCP AI Agent Exploitation, and Seiko Data Breach

25 Apr 2026

TechCybersecuritySupply Chain AttackBitwardenData BreachCloud SecurityGCPAI SecuritynpmSeiko

A supply chain compromise targeted the Bitwarden CLI tool, with attackers distributing a malicious version (v2026.4.1) via npm on April 22, 2026, containing a backdoor that exfiltrated environment variables to a remote server. The breach was detected by GitHub's security team after anomalous network traffic was observed from installations. Bitwarden confirmed the incident affected only the CLI tool, not its core password manager applications, and revoked the compromised package within hours. No CVE was assigned, but the malicious version was identified by its SHA-256 hash (a1b2c3...). Separately, AI agents with GCP access were exploited in a red-team exercise, demonstrating unauthorized privilege escalation to gain control of cloud environments. Additionally, Seiko's Shopify store suffered a data breach exposing customer payment details due to a misconfigured third-party app on April 18, 2026.