Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

A supply-chain attack attributed to the Trivy campaign and the access-broker TeamPCP compromised Checkmarx and Bitwarden repositories, with access reportedly sold to the Lapsu$ ransomware group; a malicious npm package and shared C2 infrastructure linked the incidents, raising the risk of downstream credential theft and further compromises.