On 20 April 2026, the coding world was alerted after a widely used tool called @bitwarden/cli was found to be compromised. According to researchers at GitGuardian, who shared their analysis, the attack was a calculated operation by a group called TeamPCP, who used what researchers describe as a cross-campaign pivot to exploit trusted developer tools.
For context, Bitwarden is an open-source password manager that stores and encrypts sensitive data like passwords, API keys, and secure notes in a
