News Grower

Independent coverage of AI, startups, and technology.

Ars Technica, Apr 29, 2026 at 11:00

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firms find themselves especially exposed.


By Dan Goodin

It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions. Now it has been hit by a ransomware attack from prolific fame-seeking hackers.

The streak of misfortunes started on March 19 with the supply-chain attack of Trivy, a widely used vulnerability scanner. The attackers behind the breach first breached the Trivy GitHub account and then used their access to push malware to Trivy users, one of which was Checkmarx. The pushed malware scoured infected machines for repository tokens, SSH keys, and other credentials.

Both a target and delivery mechanism

Four days later, Checkmarx’s GitHub account was compromised and began pushing malware to the security firm’s users. The company contained and remediated the breach and replaced the malware with the legitimate apps. Or so Checkmarx thought.
