Bitwarden's CLI was caught in the Checkmarx supply-chain campaign. That is the lead. If you run Bitwarden in automated pipelines or scripts, your trust boundary just got tested.

Elsewhere this week: TypeScript 7.0 beta ships a Go-rewritten compiler clocking roughly 10x faster than 6.0. pgBackRest lost its maintainer of thirteen years, leaving production Postgres shops with a real dependency audit on their hands. Ubuntu 26.04 LTS ships TPM-backed full-disk encryption by default. Matz unveiled Spinel, an AOT compilation path that compiles Ruby to native binaries.

The full piece is worth reading not for the conclusions but for the collision: supply-chain compromise, compiler rewrites, and orphaned critical infrastructure all landed in the same week. Security, performance, and maintenance are not separate problems.
