Checkmarx, an Israeli security firm, has reported a significant data breach associated with a supply chain vulnerability that exposed sensitive information on the dark web. The investigation traced this unauthorized access back to a cyberattack on March 23, 2026, which compromised the company’s GitHub repository.
According to Checkmarx, preliminary findings indicate that the leaked data originated from its GitHub repository, suggesting a targeted intrusion that bypassed the company’s defenses. Checkmarx has told its clients that this repository operates independently from its production environment and does not contain any customer data. The firm is conducting a forensic investigation to determine the full extent of the leak and the specific information posted online.
As part of its incident response, Checkmarx has restricted access to the impacted GitHub repository. The company has committed to notifying its customers and relevant parties if it determines that any customer information was compromised in this incident.
The timing of this revelation coincides with claims made by the LAPSUS$ cybercrime group, which recently named Checkmarx among its victims on a data leak site. Reports indicate that the compromised data includes sensitive items such as source code, employee databases, API keys, and MongoDB/MySQL credentials.
This breach follows a previous incident late last month, in which Checkmarx’s security infrastructure was targeted as part of a larger supply chain attack. That attack compromised various GitHub Actions workflows and plugins associated with the Open VSX marketplace, and involved credential-stealing malware disseminated by the threat actor known as TeamPCP.
More broadly, this incident underscores emerging concerns about supply chain vulnerabilities and the sophistication of modern cyber threats. The associated tactics may include initial access via supply chain vulnerabilities, persistence through compromised repositories, and potential privilege escalation to exploit additional services.
As organizations increasingly rely on external technology partners, their exposure to such risks highlights the need for robust cybersecurity measures and proactive monitoring. Those in leadership roles should consider evaluating their security postures to mitigate vulnerabilities that may arise from third-party integrations, especially in light of the ongoing threat landscape.
Further updates are expected as Checkmarx continues its investigation and takes action to fortify its defenses against future breaches.