"Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026."
"Checkmarx said its forensic probe into the incident is ongoing and that it's actively working to verify the nature and scope of the posted data."
"If we determine that customer information was involved in this incident, we will notify customers and all relevant parties immediately."
"The data, per the listing, contains source code, employee database, API keys, and MongoDB/MySQL credentials."
Checkmarx's investigation into a supply chain security incident has uncovered that a cybercriminal group published data from its GitHub repository on the dark web. The data is believed to have originated from a supply chain attack on March 23, 2026. Checkmarx confirmed that the GitHub repository is separate from its customer production environment, ensuring no customer data is stored there. The company has restricted access to the affected repository and is actively verifying the nature of the posted data. If customer information is involved, Checkmarx will notify affected parties immediately.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]