{"id":725,"date":"2026-04-27T16:22:59","date_gmt":"2026-04-27T16:22:59","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=725"},"modified":"2026-04-27T16:22:59","modified_gmt":"2026-04-27T16:22:59","slug":"checkmarx-confirms-github-repository-data-posted-on-dark-web-after-march-23-attack","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=725","title":{"rendered":"Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 27, 2026<\/span><\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgWLDpoCXOE_C970Jb9YXSPl2DIDXlL2K2ZDch28huIDzQhLoliuasxjBz3mmCWcDe2u136HN7pDJUu0XBjVkgP6lQJSQTRL4VU_jqhXNwQyb8xLdDD8-9WKQxGp7eT_7WzNpqYPplV1nvvSF5cPwsT3q88d-52g7iU_hP9pxCoU5muOhBTqnTHgGl8Scr8\/s1700-e365\/Checkmarx.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web.<\/p>\n<p>\u00abBased on current evidence, we believe this data originated from Checkmarx&#8217;s GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,\u00bb the Israeli security company <a href=\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update-april-26\/\">said<\/a>.<\/p>\n<p>It also emphasized that the GitHub repository is maintained separately from its customer production environment, adding that no customer data is stored in the repository. Checkmarx said its forensic probe into the incident is ongoing and that it&#8217;s actively working to verify the nature and scope of the posted data.<\/p>\n<p>Furthermore, the company said it has locked down access to the affected GitHub repository as part of its incident response efforts.<\/p>\n<p>\u00abIf we determine that customer information was involved in this incident, we will notify customers and all relevant parties immediately,\u00bb it said.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-security-guide-d-1\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjRxP56rpa2W0O_0yc0xgs5l2r4FRV4Wiuq3IqWuFdsd_4g1c3oRVXoHtW9gxo8ObuxmyjqkAf3cD6N1JbVDos7QX99ZHtmeVrg-FUzSnMZLTl1ZFyiSkpqQiw6BcHXz52jr3s42xWEDFOpwWK6HgXOqscGMNkhA5pZK7h6zVV4dpDaLfgy17TidZXVrtUB\/s728-e100\/nudge-d-1.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The development comes after the Dark Web Informer <a href=\"https:\/\/x.com\/DarkWebInformer\/status\/2048185612209881515\">shared<\/a> in an X post that the LAPSUS$ cybercrime group claimed three victims on its data leak site, one of which includes Checkmarx. The data, per the listing, contains source code, employee database, API keys, and MongoDB\/MySQL credentials.<\/p>\n<p>Checkmarx suffered a breach late last month following the Trivy supply chain attack, as a result of which two of its GitHub Actions workflows and two plugins distributed via the Open VSX marketplace were tampered with to push a credential stealer capable of harvesting a wide range of developer secrets. The threat actor known as TeamPCP claimed responsibility for the attack.<\/p>\n<p>Last week, the financially motivated group is suspected\u00a0to have compromised Checkmarx&#8217;s KICS Docker image, along with the two VS Code extensions and a GitHub Actions workflow with a similar credential-stealing malware. This, in turn, had a cascading impact, leading to a brief compromise of the Bitwarden CLI npm package.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 27, 2026 Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company&hellip;<\/p>\n","protected":false},"author":1,"featured_media":726,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[220,857,63,387,38,71,583,1426,1425,213],"class_list":["post-725","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-attack","tag-checkmarx","tag-confirms","tag-dark","tag-data","tag-github","tag-march","tag-posted","tag-repository","tag-web"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=725"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/725\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/726"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}