Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Summary
Ars Technica outlines a string of supply-chain incidents affecting Checkmarx and Bitwarden, traced to the Trivy vulnerability scanner breach. The report describes multiple compromises of vendor accounts, the deployment of malware through GitHub and Docker Hub, and a ransomware data dump by the Lapsus$ group, illustrating how attackers exploit security tools to widen their reach and the potential downstream impact for customers and partners.