{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreif2lxlmk2vehfqmpntf2p4vps4kjje4bkvkwrsjpllsi5ak4vpcja",
    "uri": "at://did:plc:f2fwojywviapy7mx4uk5sf4d/app.bsky.feed.post/3mkagbmlexgq2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreigwsinr2lztqmkqn22jdskuxk5sf6mpl7rz2qtwtautqrt4inxtzq"
    },
    "mimeType": "image/png",
    "size": 342186
  },
  "path": "/bitwarden-cli-gitguardian-views-on-helloworm00/",
  "publishedAt": "2026-04-23T18:25:07.000Z",
  "site": "https://blog.gitguardian.com",
  "tags": [
    "Security Research",
    "Breach explained",
    "@bitwarden"
  ],
  "textContent": "GitGuardian analysis of the @bitwarden/cli compromise: GitHub used as C2, new Cloudflare exfiltration domain found, linked to April 22 Checkmarx KICS compromise via Dependabot.",
  "title": "@bitwarden/cli - GitGuardian Views on helloworm00"
}