Security firms Checkmarx and Bitwarden were targeted in a sophisticated supply-chain attack, with attackers compromising their GitHub accounts to push malware to users and steal credentials. The incident highlights the growing trend of attackers focusing on security companies to exploit trust and access sensitive data. The attack involved multiple breaches over weeks, including a ransomware dump by the Lapsu$ group.
Background
Supply-chain attacks involve compromising software dependencies or distribution channels to infect downstream users, often targeting trusted entities to maximize impact. Security firms are increasingly targeted due to their access to sensitive client data and tools.
- Source
- Ars Technica
- Published
- Apr 29, 2026 at 07:00 PM
- Score
- 8.0 / 10