Two new emerging threat briefings cover the recent Bitwarden + Checkmarx supply chain attack — one for traditional developers, one for vibe coders working with AI-assisted tools. What made this attack distinctive: it compromised tooling developers already trusted, which means standard phishing recognition training would not have caught it.
This attack hit both developer infrastructure (Checkmarx) and credential management (Bitwarden) simultaneously — bypassing the “don’t click suspicious links” framework that conventional security training is built around. The briefings cover what the attack actually looked like and what detection would have required, so employees have a concrete mental model rather than a general warning.
The vibe coder variant addresses a specific gap: employees who build with AI coding assistants have above-average system access and often lack the security background of traditional developers. Both populations need content that reflects how they actually work.
How to access it: Find both briefings in the Fable Catalog under Emerging Threats.
