现在我也不知道这频道发了啥了，各位慢慢吃瓜，将就着看联系我请去 @abc1763613206友链儿@cyberElaina@rvalue_daily@billchenlahttps://channel.0w0.besthttps://channel.0w0.best/posts/7241https://channel.0w0.best/posts/7241Thu, 23 Apr 2026 17:00:09 GMT<i><b>🔴</b></i> <mark>Bitwarden</mark> CLI 2026.4.0 被骇；请尽快更新并检查设备数据及修改密码（若适用）。<br /><br />- 请更新至 <mark>Bitwarden</mark> CLI 2026.4.1 或 降级至 2026.3.0。<br />- 这是 <mark>Bitwarden</mark> 的官方 CLI（难用的那个），和第三方 CLI rbw 无关。<br />- 骇客似乎通过 GitHub Actions 潜入了 <mark>Bitwarden</mark> 的 CI/CD pipeline。<br />- 根据 Socket 分析，被骇软件的恶意行为包括收集系统凭据并将其加密发布到公开 GitHub repo 中，但不会在 locale 为 ru 的系统发作。<br /><br /><a href="https://socket.dev/blog/bitwarden-cli-compromised" target="_blank">https://socket.dev/blog/bitwarden-cli-compromised</a><br /><br />seealso: <a href="https://news.ycombinator.com/item?id=47876043" target="_blank">HackerNews:47876043</a><br />linksrc: <a href="https://t.me/microblock_pub/2573" target="_blank">https://t.me/microblock_pub/2573</a><br /><br /><a href="/search/%23Bitwarden">#Bitwarden</a> <a href="/search/%23Ecosystem">#Ecosystem</a><a href="https://socket.dev/blog/bitwarden-cli-compromised" target="_blank"> <div>Socket</div> <img class="link_preview_image" alt="Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain ..." src="/static/https://cdn4.telesco.pe/file/W-zYoZHVKOnqdztAEjnHCnK9wpN7fvA722Jsej5mC1Z7AvMGC9QRJD1EKwaTTpxIGkOlGaX_Em_mf4VCVdVnu0y7PG_R_J-2ztOFzL9huJsBsmj-EOHmHlqyZO-1BZJy64AA3pyO4z_voXs4ZT1Lt_HQbWI3vNzz3mXx1aicEim9fP36rZJcvPlsTRfpms-ozXgitQnYwP1F_UxYBtu84TA8sjeEeCidFSRsmmBBd29CbH57lC01woMlNU_JGKihLKVbTyEzPybQAj1HF8Mu_M15rO4u-2Fwhxlzy13Paph6mHQgNo6JoDrSFFddzwGV1dpiUgA43LdOV2gUUWvxVw.jpg" loading="lazy" /> <div><mark>Bitwarden</mark> CLI Compromised in Ongoing Checkmarx Supply Chain ...</div> <div><mark>Bitwarden</mark> CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in <mark>Bitwarden</mark>’s CI/CD pipeline.</div> </a>