Supply Chain Attack Targets Bitwarden NPM Package

📌 A supply chain attack targeted an NPM package associated with Bitwarden, as identified by Checkmarx and attributed to the threat actor TeamPCP. The incident is linked to the Shai-Hulud worm, a malware strain previously observed in similar attacks. No specific technical details, such as affected package versions, CVE IDs, or exact impact, were disclosed in the report. The attack highlights ongoing risks in open-source software supply chains, though no timeline or broader consequences were provided. The disclosure originates from SecurityWeek’s coverage of the incident.