CheckMarx admits it was hit by major cyberattack that saw data leaked onto Dark Web

Pro Security CheckMarx admits it was hit by major cyberattack that saw data leaked onto Dark Web News By Sead Fadilpašić published 28 April 2026 March 2026 attack did result in CheckMarx data theft When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock) Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter CheckMarx confirms breach tied to a recent supply chain attackStolen data originated from its GitHub repository, with investigations still ongoingThreat actors later claimed to have exfiltrated source code and sensitive credentialsA day after Checkmarx’s data appeared on the dark web, the company has officially confirmed suffering a data breach.In a breach notification published on the company blog, Checkmarx said it was still investigating the incident, but confirmed the leaked data was stolen from its GitHub repository, and that access to that repository was facilitated, "through the initial supply chain attack of March 23, 2026."What Checkmarx is referring to is a supply chain incident that affected Trivy, an open source vulnerability scanner. A week before the attack, a group known as TeamPCP smuggled an infostealer into the scanner, nabbing user secrets, cloud credentials, SSH keys, and Kubernetes configuration files. After that they added persistent backdoors on the devices of the victimized developers, for further access.Article continues below You may like Vercel confirms data breach EU cyberattack may have been worse than we thought - 90GB of data published online as 30 entities hit HackerOne says employees hit by data breach - and Navia hack is to blame Lapsus$ leaks the filesFrom there, they were also able to pivot into other environments, including LiteLLM, Telnyx, and KICS. They also compromised other Checkmarx tools, GitHub Actions, and two Open VSX plugins. At the time, the researchers said the malware stole browser data (cookies, autofill information, browsing history, bookmarks, credit cards, and login credentials, from the biggest browsers such as Opera, Chrome, Brave, Vivaldi, Yandex, and Edge), Discord data (including Discord tokens, which can be used to access accounts), cryptocurrency wallet data, Telegram chat sessions, computer files, and Instagram data.It was suggested that more than 170,000 people may have been at risk.The company has since barred access to the affected repository and said if it determines user data was stolen, it will notify affected parties immediately.A day before posting that notification, threat actors calling themselves Lapsus$ added Checkmarx to their data leak website, claiming to have exfiltrated source code, API keys, MongDB and MySQL login credentials, and employee details. Checkmarx has not commented on these claims. window.sliceComponents = window.sliceComponents || {}; externalsScriptLoaded.then(() => { window.reliablePageLoad.then(() => { var componentContainer = document.querySelector("#slice-container-newsletterForm-articleInbodyContent-PNFAphkBVToWQ9cvPnLkEi"); if (componentContainer) { var data = {"layout":"inbodyContent","header":"Are you a pro? Subscribe to our newsletter","tagline":"Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to…

This excerpt is published under fair use for community discussion. Read the full article at TechRadar.