Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firms find themselves especially exposed.
It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions. Now it has been hit by a ransomware attack from prolific fame-seeking hackers.

The streak of misfortunes started on March 19 with the supply-chain attack of Trivy, a widely used vulnerability scanner. The attackers behind the breach first breached the Trivy GitHub account and then used their access to push malware to Trivy users, one of which was Checkmarx. The pushed malware scoured infected machines for repository tokens, SSH keys, and other credentials.

Both a target and delivery mechanism

Four days later, Checkmarx’s GitHub account was compromised and began pushing malware to the security firm’s users. The company contained and remediated the breach and replaced the malware with the legitimate apps. Or so Checkmarx thought.
Source: Ars Technica