Checkmarx says its investigation into the supply chain security incident found data related to the company was published on the dark web and that current evidence indicates the data originated from a Checkmarx GitHub repository accessed via the March 23, 2026 attack. The company says the repository is separate from its customer production environment, has been locked down while forensic analysis continues, and noted claims by threat actors including LAPSUS$ and TeamPCP in connection with related Trivy and downstream compromises. #Checkmarx #LAPSUS$ #TeamPCP #Trivy #KICS #Bitwarden
Keypoints
- Checkmarx disclosed that data associated with the company was posted on the dark web following a supply chain attack.
- Current evidence points to the data originating from a Checkmarx GitHub repository accessed during the March 23, 2026 incident.
- Checkmarx says the GitHub repository is separate from its customer production environment and does not store customer data, while forensics continue.
- The company has locked down the affected repository and will notify customers and relevant parties if customer information is found.
- Threat actors LAPSUS$ and TeamPCP have been linked to the wider incident, which involved Trivy-related tampering and impacted KICS, VS Code extensions, GitHub Actions workflows, and briefly the Bitwarden CLI npm package.
Read More: https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html