When Your Password Manager Attacks You: Inside the Bitwarden CLI Supply Chain Compromise
How the @bitwarden/cli npm package was hijacked for 93 minutes on April 22, 2026, subverting trusted publishing to steal AWS, GitHub, and SSH credentials from 334 installs.