# Bitwarden CLI compromised (News) Page: https://stenobird.com/podcast/the-changelog-software-development-open-source/bitwarden-cli-compromised-news Text version: https://stenobird.com/podcast/the-changelog-software-development-open-source/bitwarden-cli-compromised-news.md Podcast: [The Changelog: Software Development, Open Source](https://stenobird.com/podcast/the-changelog-software-development-open-source) Published: 2026-04-29T15:00:00+00:00 Episode link: https://changelog.com/news/185 Audio file: https://op3.dev/e/https://pscrb.fm/rss/p/https://cdn.changelog.com/uploads/news/185/changelog-news-185.mp3 Processing state: processed JSON: https://stenobird.com/v1/public/podcasts/the-changelog-software-development-open-source/episodes/bitwarden-cli-compromised-news Duration seconds: 513 ## Resource Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads. ## Actions - request_transcript: `POST https://stenobird.com/v1/public/podcasts/the-changelog-software-development-open-source/episodes/bitwarden-cli-compromised-news/transcription-requests` — Idempotently request low-priority transcript generation for this episode. - read_markdown: `GET https://stenobird.com/podcast/the-changelog-software-development-open-source/bitwarden-cli-compromised-news.md` — Read the agent-friendly Markdown representation of this episode resource. A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed. ## Transcript Full transcripts are not published on public pages unless there is a clear rights basis.