Today's picture
The Bitwarden CLI was backdoored on Wednesday evening for 90 minutes via a compromised GitHub Actions pipeline. Anyone who pulled the npm package during that window had their GitHub tokens, SSH keys, AWS credentials, and cloud secrets silently stolen and exfiltrated to public GitHub repositories under their own account. Separately, CISA added four vulnerabilities to KEV yesterday including two SimpleHelp RMM flaws that ransomware groups have been chaining to reach MSP clients, and an end-of-life D-Link router that cannot be patched.
Threat snapshot
3 new · 2 monitoring
New
Supply Chain
Bitwarden CLI backdoored for 90 minutes via compromised GitHub Actions. Cloud and CI credentials stolen.
334 developers hit. Malicious version live April 22, 5:57 to 7:30 PM ET. Stole npm tokens, GitHub tokens, SSH keys, AWS, Azure, and GCP credentials. Self-propagating.
New
KEV Listed
Ransomware
SimpleHelp two-flaw chain in KEV. DragonForce and Medusa using it to reach MSP clients through RMM access.
CVE-2024-57726 CVSS 9.9 plus CVE-2024-57728. Low-privilege technician to server admin to RCE in two steps. MSPs and their downstream clients at risk.
New
KEV Listed
No Patch
D-Link DIR-823X command injection in KEV. End-of-life router with no patch. CISA says remove it.
CVE-2025-29635. Actively exploited to deliver Mirai botnet variants. No patch will ever be released. Federal deadline May 8. Remove from service.
Detailed intelligence
Full analysis
01 New Supply Chain
Bitwarden CLI backdoored for 90 minutes via compromised GitHub Actions. Cloud and CI credentials stolen from 334 developers.
Shai-Hulud / Checkmarx
What happened
A malicious version of the Bitwarden CLI was published to npm as @bitwarden/cli@2026.4.0 on April 22, 2026, and remained live from 5:57 PM to 7:30 PM Eastern Time before being detected and removed. Bitwarden attributed the incident to a broader supply chain attack on Checkmarx: a compromised Checkmarx GitHub Action consumed by Bitwarden's own CI/CD workflow gave the attackers a foothold in the release pipeline, which they used to inject a malicious preinstall script into the published package.
When installed, the package executed a hidden JavaScript file that collected npm authentication tokens, GitHub personal access tokens, SSH private keys, and cloud credentials including AWS, Azure, and Google Cloud configurations. The data was encrypted with AES-256-GCM and exfiltrated in two ways: to the domain audit.checkmarx[.]cx and as commits to newly created public GitHub repositories opened under the victim's own account. The payload was designed to self-propagate by reading the victim's npm credentials and attempting to publish malicious versions of any packages they had publish access to. Research firm OX Security identified the campaign as the third iteration of a worm they track as Shai-Hulud. JFrog confirmed 334 developers downloaded the affected version during the exposure window. Bitwarden says end-user vault data was not accessed and production systems were not compromised.
CyberSip Take
Two things make this incident particularly serious beyond the 334 direct victims. First, the self-propagating mechanism. A developer whose npm credentials were stolen during those 90 minutes may have unknowingly become a second-order source of infection for any packages they maintain. The blast radius of this attack extends well beyond the people who directly installed the Bitwarden CLI. Second, the credentials stolen are specifically the ones that open doors to CI/CD pipelines and cloud infrastructure. A GitHub token with push access to production repositories is not just a credential. It is the key to every pipeline that token can reach. One engineer's compromised token can become the entry point for malicious code pushed to production applications serving thousands of customers.
This incident is part of a growing pattern of attackers targeting the CI/CD supply chain specifically because the payoff from a single compromised developer tool far exceeds the payoff from a single compromised endpoint. The Checkmarx vector shows this is not opportunistic. The attackers are systematically working through trusted development tooling to reach the build pipelines behind it. Any developer or security team that installs unpinned npm dependencies, lets lifecycle scripts run unscanned at install time, or has no alerting on new public repository creation under its GitHub accounts should review that posture after today.
Recommended actions
- If your developers use the Bitwarden CLI via npm, check whether version 2026.4.0 was installed between April 22, 5:57 PM and 7:30 PM ET, on developer machines and on CI runners alike. The CLI is usually installed globally, so run npm ls -g @bitwarden/cli as well as npm ls @bitwarden/cli inside project directories, and grep package-lock.json files for the version string. If affected, treat all credentials on that machine as compromised.
- Rotate any credentials that may have been on machines running the affected version: npm tokens, GitHub personal access tokens, SSH keys, and AWS, Azure, or GCP credentials.
- Check for unexpected public GitHub repositories created under your organization's accounts in the past 72 hours. The malware created public repos to store exfiltrated data.
- Search GitHub for repositories containing the string "Shai-Hulud: The Third Coming" tied to your organization's accounts or any affiliated developer accounts.
- Pin critical npm dependencies to exact, verified versions and install from a committed lockfile with npm ci rather than resolving the latest tag at install time. This is the primary structural control that reduces exposure to this class of attack, but it does not protect you the first time you bump to a backdoored release, so pair it with a cooling-off period before adopting new versions and with ignore-scripts=true in CI: this payload ran from a preinstall hook that a script-less install would never have executed.
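As an added example, not code from Bitwarden, JFrog, OX Security or any other party named in this item: a Python triage script that automates three of the checks above over data you already hold, offline. It assumes the lockfile layouts npm writes (a nested "dependencies" tree in lockfile v1, a flat path-keyed "packages" map in v2/v3), the field names of the GitHub REST API repository object (full_name, private, created_at, description, as returned by `gh api /user/repos --paginate`), and the affected package version and campaign marker string stated on this page. All sample data is constructed; the preinstall command in the sample manifest is invented and is not the real payload.

```python
"""Offline triage for the @bitwarden/cli@2026.4.0 backdoor (added example).

1. Does a package-lock.json resolve the affected version?
2. Which installed packages declare install-time lifecycle hooks?
   (The payload ran from a preinstall hook, so every such hook is worth a look.)
3. Which repos in a GitHub account listing look like exfil drops?
"""
import json
import os
from datetime import datetime, timedelta, timezone

AFFECTED = {"@bitwarden/cli": {"2026.4.0"}}      # from the Bitwarden disclosure
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
MARKER = "Shai-Hulud: The Third Coming"          # string the brief says to search for


def affected_in_lock(lock):
    """Return sorted [(name, version)] for affected packages in a parsed lockfile."""
    hits = []
    # Lockfile v2/v3: flat map keyed by install path, "" is the root project.
    for path, entry in lock.get("packages", {}).items():
        if not path:
            continue
        name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
        if entry.get("version") in AFFECTED.get(name, ()):
            hits.append((name, entry["version"]))

    # Lockfile v1: nested tree under "dependencies".
    def walk_v1(deps):
        for name, entry in deps.items():
            if entry.get("version") in AFFECTED.get(name, ()):
                hits.append((name, entry["version"]))
            walk_v1(entry.get("dependencies") or {})

    walk_v1(lock.get("dependencies", {}))
    return sorted(set(hits))


def install_hooks(manifests):
    """manifests: parsed package.json dicts. Return {"name@version": {hook: cmd}}."""
    found = {}
    for pkg in manifests:
        scripts = pkg.get("scripts") or {}
        hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        if hooks:
            found[f"{pkg.get('name')}@{pkg.get('version')}"] = hooks
    return found


def load_manifests(node_modules):
    """Yield every package.json under a node_modules tree, nested trees included."""
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" in files:
            try:
                with open(os.path.join(root, "package.json"), encoding="utf-8") as f:
                    yield json.load(f)
            except (OSError, ValueError):
                continue


def suspicious_repos(repos, now=None, window_hours=72):
    """Flag repos carrying the campaign marker and public repos created inside
    the look-back window (the payload wrote its loot to new public repos)."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(hours=window_hours)
    flagged = []
    for repo in repos:
        created = datetime.fromisoformat(repo["created_at"].replace("Z", "+00:00"))
        text = f"{repo.get('name', '')} {repo.get('description') or ''}"
        reasons = []
        if MARKER in text:
            reasons.append("campaign marker")
        if not repo.get("private", True) and created >= cutoff:
            reasons.append("public repo created in window")
        if reasons:
            flagged.append((repo["full_name"], reasons))
    return flagged


# Constructed sample data, not real artifacts, so the checks run offline.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "ci-tools", "version": "1.0.0"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}
SAMPLE_MANIFESTS = [
    {"name": "@bitwarden/cli", "version": "2026.4.0",
     "scripts": {"preinstall": "node ./.hidden/setup.js"}},  # invented hook command
    {"name": "left-pad", "version": "1.3.0", "scripts": {"test": "tap test"}},
]
SAMPLE_NOW = datetime(2026, 4, 24, 12, 0, tzinfo=timezone.utc)
SAMPLE_REPOS = [
    {"full_name": "alice/infra", "private": True,
     "created_at": "2025-01-10T09:00:00Z", "description": "Terraform"},
    {"full_name": "alice/migration-data", "private": False,
     "created_at": "2026-04-22T22:14:00Z", "description": MARKER},
    {"full_name": "alice/old-public", "private": False,
     "created_at": "2024-06-01T00:00:00Z", "description": None},
]


def triage(lock=SAMPLE_LOCK, manifests=SAMPLE_MANIFESTS, repos=SAMPLE_REPOS, now=SAMPLE_NOW):
    return {"affected": affected_in_lock(lock),
            "install_hooks": install_hooks(manifests),
            "repos": suspicious_repos(repos, now)}


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
```

For a real project, call triage() with json.load() of its package-lock.json, load_manifests("node_modules"), and the parsed output of `gh api /user/repos --paginate` (or /orgs/{org}/repos); the install_hooks listing is also the review queue for deciding whether ignore-scripts=true is viable in your CI, since anything listed there would stop running.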
Derived from Bitwarden incident disclosure, JFrog research, OX Security analysis, and Socket threat intelligence
02 New KEV Listed Ransomware
SimpleHelp two-flaw chain lands in KEV. DragonForce and Medusa are using it to reach MSP clients through RMM access.
CVE-2024-57726 / CVE-2024-57728
What happened
CISA added two SimpleHelp vulnerabilities to the KEV catalog on April 24 with a federal remediation deadline of May 8. SimpleHelp is a remote monitoring and management platform used by managed service providers and IT teams to remotely access and manage client endpoints. The two flaws chain together.
CVE-2024-57726 is a missing authorization vulnerability rated CVSS 9.9. A user with low-privilege technician access can send a crafted sequence of API requests to create new API keys with server administrator permissions. The authorization check that should verify the user holds admin rights before issuing those keys is missing. CVE-2024-57728 is a path traversal vulnerability rated CVSS 7.2. A user with admin access can upload a crafted zip file that places files outside the intended directory, including executables and crontab files on Linux, leading to arbitrary code execution on the SimpleHelp server.
The two flaws chain directly: steal or obtain low-privilege technician credentials, escalate to server admin using the missing authorization flaw, then use the admin access to upload a malicious file and execute arbitrary code on the host. DragonForce ransomware operators used this exact chain to breach a UK managed service provider and deploy ransomware across the MSP's client networks. Medusa has also been observed using SimpleHelp RMM access as a precursor to ransomware deployment. Patches were released in SimpleHelp version 5.5.8.
CyberSip Take
RMM platforms have appeared repeatedly in this brief because they represent one of the highest-leverage targets in the managed service landscape. An attacker who controls an MSP's RMM platform does not just own the MSP. They own every client network the MSP manages, with the same trusted administrative access the MSP uses for legitimate work. This is a structural risk in the MSP model that has been exploited by ransomware groups consistently for several years, and SimpleHelp is now a confirmed vehicle for exactly that. The Storm-1175 and Medusa activity covered in Issue 3 was targeting Exchange Server management access for similar reasons. The pattern is the same: identify the platform that manages other platforms and compromise it.
For organizations that use a managed service provider, this item is worth a direct conversation with your MSP about which RMM platform they use, whether it is running SimpleHelp version 5.5.8 or later, and what network controls restrict RMM agent access to only the systems that legitimately need it. For MSPs, this is an urgent patch item and the self-assessment includes asking whether any technician credentials have been exposed or shared in a way that could give an attacker the low-privilege access needed to start this chain.
Recommended actions
- Update SimpleHelp to version 5.5.8 or later immediately. This patches both CVE-2024-57726 and CVE-2024-57728.
- Audit technician account credentials in SimpleHelp. Rotate any shared, reused, or potentially exposed passwords. The escalation chain requires only low-privilege technician access to begin.
- Restrict the SimpleHelp management interface to internal networks or VPN. Reducing who can reach the API reduces the window for the privilege escalation chain.
- If you use an MSP, ask them to confirm their RMM platform version and access controls. You are in scope for any compromise of your MSP's management infrastructure.
Derived from CISA known-exploited vulnerability catalog, Sophos threat research, and DragonForce ransomware campaign reporting
03 New KEV Listed No Patch Available
D-Link DIR-823X command injection in KEV. End-of-life device with no patch. CISA says remove it from service.
CVE-2025-29635
What happened
CISA added CVE-2025-29635, a command injection vulnerability in D-Link DIR-823X series routers, to the KEV catalog with a federal deadline of May 8. The flaw allows an authenticated attacker to execute arbitrary commands by sending a crafted POST request to the router's web interface. Akamai researchers documented active exploitation earlier this week, with attackers using this vulnerability to deliver a Mirai botnet variant called tuxnokill. The DIR-823X is end-of-life. D-Link has confirmed no patch will be released. CISA's guidance for federal agencies and all organizations is unambiguous: remove the device from service.
CyberSip Take
This item is brief because the action is simple. There is no patch, there will be no patch, and the device is being actively exploited to build botnets. The conversation that this KEV entry should trigger in every organization is a broader one: do you know every end-of-life network device that is running in your environment, especially in branch offices, retail locations, warehouses, and remote sites where infrastructure refresh cycles tend to lag behind headquarters? D-Link EOL devices have appeared in multiple botnet campaigns because they are common, unpatched, and frequently forgotten. The China-nexus advisory from Issue 12 yesterday made the same point about compromised consumer and SOHO devices being used as attack infrastructure. This is the downstream consequence of that unpatched population.
Recommended actions
- Identify and remove any D-Link DIR-823X routers from your environment. There is no patch and CISA guidance is to discontinue use.
- Run a network discovery scan that includes remote and branch office network segments. EOL devices often accumulate in locations that receive less IT attention.
- Establish a lifecycle policy for network infrastructure that flags devices entering end-of-life status before they become a patching gap rather than after they appear in a KEV entry.
Derived from CISA known-exploited vulnerability catalog, Akamai threat research, and D-Link end-of-life advisory
Still watching
Aging items · days 2–6
Items here remain operationally relevant but have no significant new developments. They drop off after 7 days.
China-nexus covert device network advisory (Issue 12). CISA and 10 allied nations. Map edge devices and baseline VPN connection patterns. Static IP blocklists are becoming less effective against this tactic.
Day 2
Vercel breach expansion (Issue 12). Second independent set of customer compromises confirmed. Rotate environment variable secrets if not yet done.
Day 2
Lotus Wiper energy sector targeting (Issue 11). Relevant for critical infrastructure and OT environments. Verify offline backup integrity and monitor NETLOGON shares.
Day 3
Cross-source standouts
What connects this week
01
Attackers are systematically targeting the build pipeline, not just the application
The Bitwarden CLI supply chain attack is the third CI/CD or developer toolchain item in the brief this month after the Vercel OAuth breach and the Marimo Python notebook RCE. Each of these attacks targeted the infrastructure that builds and deploys software rather than the software itself. A compromised developer credential, a backdoored package, or a vulnerable notebook environment can push malicious code upstream into production systems that themselves have no vulnerability. The traditional application security model assumes the build pipeline is trusted. That assumption is no longer safe, and organizations that have not reviewed what their CI/CD pipelines trust and who has write access to them are carrying risk that is difficult to detect with conventional endpoint controls.
02
April closed with two reminders that RMM platforms are the highest-risk tool in the MSP stack
SimpleHelp joins Ivanti EPMM from Issue 1 and the Microsoft Intune wipe chain from Issue 3 as RMM and endpoint management platforms that appeared in this brief as active attack vectors this month. The consistent pattern is that ransomware groups and nation-state actors are not attacking the endpoint directly when they can instead compromise the platform with administrative access to thousands of endpoints simultaneously. For MSPs this is the most important security posture question of 2026: if an attacker compromises your RMM platform, what is your detection capability and how quickly could you contain the downstream impact to clients?