Hackers Turned Security Tools Into Weapons Against Their Users

Hackers compromised three widely used security tools—Trivy, Checkmarx, and Bitwarden—starting March 19, injecting malware into automated software build systems. The attack weaponized the very tools organizations use to detect threats. Attackers maintained access for weeks. The malware included a data wiper targeting Iranian systems.