Bitwarden's CLI was hit by the Checkmarx supply-chain campaign. That is the lead. If you run Bitwarden in any automated or CI context, your dependency chain was touched by a coordinated attack. Read the full piece to understand the vector, not just the headline.
Three other stories landed the same week and none of them are noise. TypeScript 7.0 beta ships a Go-rewritten compiler clocking roughly 10x the speed of 6.0. pgBackRest lost its maintainer of thirteen years, leaving production Postgres operators with an immediate trust and continuity problem. Ubuntu 26.04 LTS ships TPM-backed full-disk encryption by default. Matz announced Spinel, an AOT compiler path that compiles Ruby to native binaries.
The reason to read the original is the combination, not any single item. Security, performance, and maintainer abandonment arrived in the same week across tools that share no obvious surface. That pattern is the story.
[READ ORIGINAL →]