Checkmarx Data Breach: GitHub Data Exposed on Dark Web

Checkmarx Data Breach Unveiled

Checkmarx, a prominent player in cybersecurity, has confirmed a significant breach involving its GitHub repository data, now posted on the dark web. This revelation stems from an ongoing investigation into a security incident initially detected on March 23, 2026. The breach is believed to be connected to a supply chain attack that facilitated unauthorized access to the company’s GitHub repository.

Details of the Data Breach

The Israeli security firm clarified that the compromised GitHub repository operates independently of its customer production systems, highlighting that no customer data is stored within. Checkmarx is actively conducting a forensic examination to assess the scope and nature of the leaked data. As a precautionary measure, the company has restricted access to the affected repository.

In response to the incident, Checkmarx has assured stakeholders that should customer information be implicated, they will promptly inform all relevant parties. The investigation is part of the company’s comprehensive incident response strategy.

Implications of the Dark Web Posting

The breach gained wider attention following a post by Dark Web Informer, indicating that the LAPSUS$ cybercriminal group has listed Checkmarx among its victims on a data leak site. The exposed data allegedly includes sensitive elements such as source code, employee databases, API keys, and credentials for MongoDB/MySQL.

The breach is linked to the Trivy supply chain attack, which compromised Checkmarx’s GitHub Actions workflows and plugins in the Open VSX marketplace. The attackers, identified as TeamPCP, used the breach to distribute a credential-stealing malware targeting developer secrets.

Security Consequences and Future Actions

Recently, the same group is suspected to have targeted Checkmarx’s KICS Docker image, along with two VS Code extensions, further propagating the malware. This chain of events led to a temporary compromise of the Bitwarden CLI npm package.

The ongoing investigation by Checkmarx aims to fully comprehend the breach’s impact and prevent future occurrences. As the situation develops, the company remains committed to transparency and safeguarding its systems against such threats.

In conclusion, Checkmarx’s swift response and ongoing efforts to secure its systems underscore the importance of robust cybersecurity measures in an increasingly digital world.