Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firms find themselves especially exposed.
Signal weather
Rising
Momentum is building quickly, so this card is a good early entry point into the topic.
It has been a bad six weeks for security firm Checmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions. Now it has been hit by a ransomware attack from prolific fame-seeking hackers. The streak of misfortunes started on March 19 with the supply-chain attack of Trivy, a widely used vulnerability scanner. The attackers behind the breach first breached the Trivy GitHub account and then used their access to push malware to Trivy users, one of which was Checkmarx. The pushed malware scoured infected machines for repository tokens, SSH keys, and other credentials. Both a target and delivery mechanism Four days later, Checkmarx’s GitHub account was compromised and began pushing malware to the security firm’s users. The company contained and remediated the breach and replaced the malware with the legitimate apps. Or so Checkmarx thought. Read full article Comments
Stay on the signal
Follow Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Follow this story beyond a single article: new follow-ups, adjacent sources, and the evolving storyline.
Story map
Understand this topic fast
A quick entry into the story: why it matters now, who is involved, and where to go next for context.
Why it matters now
Topic constellation
Open the live map for this story
See which entities, story threads, sources, and follow-up articles shape this story right now.
Click nodes to continue
Story timeline
Continue with this story
A short sequence of events and follow-up stories to understand the arc quickly.
How reliable this looks
Signal and trust for Ars Technica
This source works at a rapid pace: 100% of recent stories land in the hot window, and 0% carry visible search signal.
Reliability
92
Freshness
100
Sources in storyline
2
Related articles
More stories that share tags, source, or category context.
A Falcon 9 rocket will hit the Moon this summer at seven times the speed of sound
The object will be traveling at 2.43 km a second, or 5,400 mph, upon impact.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Check your gravity with NASA's Artemis II zero-g indicator
On sale through the NASA exchange.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Хакеры решили поделиться исходниками Checkmarx со всем миром. В сеть слили огромный архив
Содержимое некогда защищённых репозиториев стало общественным достоянием.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Anti-Trump Instagram pic of seashells now enough to indict ex-FBI directors
The clown car is all gassed up.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
More from Ars Technica
Fresh reporting and follow-up coverage from the same newsroom.
A Falcon 9 rocket will hit the Moon this summer at seven times the speed of sound
The object will be traveling at 2.43 km a second, or 5,400 mph, upon impact.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Sam Altman is “the face of evil” for not reporting school shooter, says lawyer
Lawsuits: OpenAI didn't report ChatGPT user to cops to protect Altman, IPO.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Check your gravity with NASA's Artemis II zero-g indicator
On sale through the NASA exchange.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Anti-Trump Instagram pic of seashells now enough to indict ex-FBI directors
The clown car is all gassed up.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.