现在我也不知道这频道发了啥了，各位慢慢吃瓜，将就着看联系我请去 @abc1763613206友链儿@cyberElaina@rvalue_daily@billchenlahttps://broadcastchannel-ajj.pages.devhttps://broadcastchannel-ajj.pages.dev/posts/7241https://broadcastchannel-ajj.pages.dev/posts/7241Thu, 23 Apr 2026 17:00:09 GMT<i><b>🔴</b></i> <mark>Bitwarden</mark> CLI 2026.4.0 被骇；请尽快更新并检查设备数据及修改密码（若适用）。<br /><br />- 请更新至 <mark>Bitwarden</mark> CLI 2026.4.1 或 降级至 2026.3.0。<br />- 这是 <mark>Bitwarden</mark> 的官方 CLI（难用的那个），和第三方 CLI rbw 无关。<br />- 骇客似乎通过 GitHub Actions 潜入了 <mark>Bitwarden</mark> 的 CI/CD pipeline。<br />- 根据 Socket 分析，被骇软件的恶意行为包括收集系统凭据并将其加密发布到公开 GitHub repo 中，但不会在 locale 为 ru 的系统发作。<br /><br /><a href="https://socket.dev/blog/bitwarden-cli-compromised" target="_blank">https://socket.dev/blog/bitwarden-cli-compromised</a><br /><br />seealso: <a href="https://news.ycombinator.com/item?id=47876043" target="_blank">HackerNews:47876043</a><br />linksrc: <a href="https://t.me/microblock_pub/2573" target="_blank">https://t.me/microblock_pub/2573</a><br /><br /><a href="/search/%23Bitwarden">#Bitwarden</a> <a href="/search/%23Ecosystem">#Ecosystem</a><a href="https://socket.dev/blog/bitwarden-cli-compromised" target="_blank"> <div>Socket</div> <img class="link_preview_image" alt="Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain ..." src="/static/https://cdn4.telesco.pe/file/uboc8iYobfmiNTQdTtnjnlTf4MQbF6xKik96_SMUGwN01iOyhAgkTjFMbnJ2sowheUlg7G_G3NlJGPdD39TvrZ6DtWm0xmY85d6oyAvAFUVNrwF4DNgsy8Zw2LtX-APYKtI_XBrLoOtWbeJAZVik_Tv944uhZkpHG9xuhrK2aKSiS9xcEJmTQrL7WhQKsYNi0iug7C8y6CMbk2E3C4QAQqj3bGxdlSgdPXGO3jOrriHzlNM-8mY-Ph9CKpQXVm5YVDYlarO9M9AwdtM6fjCBQh_1uShWC_scM_yTs4BdW3FGLYLOsVqlvvJMI7GWJHbCpAQFVVZ4GWrrV-NXW4c2cA.jpg" loading="lazy" /> <div><mark>Bitwarden</mark> CLI Compromised in Ongoing Checkmarx Supply Chain ...</div> <div><mark>Bitwarden</mark> CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in <mark>Bitwarden</mark>’s CI/CD pipeline.</div> </a>