Security · 55d ago
Bitwarden CLI caught in supply-chain attack
Bitwarden's CLI was compromised in the Checkmarx supply-chain campaign. TypeScript 7.0 beta ships with a Go-rewritten compiler running ~10x faster than v6.0. pgBackRest lost its maintainer of 13 years, raising dependency-trust concerns for production Postgres users.
Meridian48 take
The Bitwarden incident underscores how even trusted tools are vulnerable to supply-chain attacks, while the pgBackRest maintainer departure highlights the fragility of open-source dependencies.
supply-chain-attack · open-source-security