Lobsters — security tag
I Do Not Recommend Bitwarden
ATT&CK techniques detected
T1195.001 Compromise Software Dependencies and Development Tools
99%
“across other affected repositories in this campaign. … organizations that installed the malicious Bitwarden npm package should treat this incident as a credential exposure and CI/CD compromise event. The payload downloaded the Bun runtime, decrypted a second-stage Shai-Hulu…”
T1195.001 Compromise Software Dependencies and Development Tools
92%
“Marek Toth publicly disclosed a class of DOM-based clickjacking attacks that could trick the Bitwarden browser extension into autofilling credit card details and personal information after a single click on a malicious page. The vulnerability had been reported four months earli…”
T1555.005 Password Managers
62%
“) - E: one-off credentials (think API keys, tokens, etc.) Group A: professional / client projects. For Group A I’m going with a SaaS password manager that offers proper vault sharing, integrates with the tools clients actually use (SSO, browser extensions on corporate mac…”
T1195.002 Compromise Software Supply Chain
45%
“Marek Toth publicly disclosed a class of DOM-based clickjacking attacks that could trick the Bitwarden browser extension into autofilling credit card details and personal information after a single click on a malicious page. The vulnerability had been reported four months earli…”