Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
A massive compromise has struck security toolsets via a poisoned release of the @bitwarden/cli utility at version v2026.4.0. The threat intelligence team discovered that the official package was embedded with a highly destructive, self-propagating npm worm identifying itself as "Shai-Hulud: The Third Coming." Because developers and DevOps pipelines heavily utilize the Bitwarden Command Line Interface to fetch and manage secrets programmatically, the malware gains immediate access to core infrastructure components. Once active, the worm sweeps local system storage to harvest active SSH keys, cloud infrastructure secrets, and AI coding assistant credentials. It then hooks directly into the host machine’s developer profiles, weaponizing their authenticated credentials to inject the identical worm payload into the developer's own public-facing npm repositories.Engineering teams must immediately remove and quarantine @bitwarden/cli version v2026.4.0 from all development machines, administrative systems, and automated build scripts, reverting to a known-secure release. Security operations must treat all credentials, SSH keys, and AI assistant tokens exposed on those systems as fully compromised, executing a comprehensive credential rotation. Additionally, maintainers should review their own public package registries to ensure their publishing tokens were not hijacked to push unauthorized downstream versions.If you need expert assistance in identifying compromised packages, securing your CI/CD pipelines, or conducting an emergency supply chain audit, contact Cyberlinx today to protect your development environment.
Related Articles





