Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

“Current evidence indicates that this data originated from Checkmarx’s GitHub repositories, and that access to those repositories was facilitated through the initial supply chain attack of March 23, 2023,” Checkmarx said Monday. The company didn’t say what kinds of data were leaked. Checkmarx isn’t the only security company to suffer the aftereffects of the Trivy breach. Socket said that another security firm, Bitwarden, was also hit in the same supply-chain attack. …