Bitwarden’s command-line interface package was briefly poisoned through npm after attackers abused a GitHub Actions workflow in its software release pipeline, turning a trusted password-management ...