

Ethical Hacking News

Data Breach Alert: Checkmarx Confirms LAPSUS$ Hackers Leaked Its Stolen GitHub Data



Checkmarx has confirmed that it was a victim of a data breach at the hands of LAPSUS$ hackers. The hackers leaked stolen GitHub data, compromising sensitive information. Customer information is not stored in Checkmarx's GitHub repository, reducing the risk of potential harm to customers. The company will share more details as a forensic investigation is underway.

  • The leading application security company Checkmarx suffered a data breach attributed to the LAPSUS$ hacking group.
  • The breach was caused by the Trivy supply-chain attack, allowing the hackers to gain unauthorized access to Checkmarx's GitHub repository.
  • Malicious code and stolen credentials were published on March 23, including Docker images, VSCode and Open VSX extensions for Checkmarx's KICS security scanner.
  • Customer information is not stored in Checkmarx's GitHub repository, reducing the risk of potential harm to customers.
  • The company is conducting a forensic investigation to determine the exact type of data that was exposed and will share more details within 24 hours.
  • The breach highlights the importance of maintaining robust security measures and staying informed about the latest threats and countermeasures.



    Checkmarx, a leading application security company, has confirmed that it was the victim of a data breach at the hands of the notorious hacking group known as LAPSUS$. According to the company's official statement, the LAPSUS$ hackers leaked stolen data from Checkmarx's private GitHub repository, compromising sensitive information.

    The breach is attributed to the Trivy supply-chain attack, which provided access to credentials from downstream users. The threat actor used these stolen credentials to gain unauthorized access to Checkmarx's GitHub environment and subsequently published malicious code on March 23.

    As a result of this renewed access or month-long persistence, the attacker published malicious Docker images, VSCode and Open VSX extensions for Checkmarx's KICS security scanner, which stole credentials, keys, tokens, and config files. This malicious activity is believed to have originated from the GitHub repository that was compromised by the LAPSUS$ hackers.

    Checkmarx has confirmed that the data leaked on the dark web belongs to the company and originates from the March 23 compromise. However, it's essential to note that customer information is not stored in Checkmarx's GitHub repository, reducing the risk of potential harm to customers.

    The company estimates that it will share more details within the next 24 hours as a forensic investigation is underway to determine the exact type of data that has been exposed. In the meantime, access to the affected GitHub repository has been blocked until the investigation is complete.

    This breach highlights the importance of maintaining robust security measures and keeping software up-to-date, especially in cases where supply-chain attacks are involved. The use of advanced threat actor tactics and the ability to pivot between different systems and tools demonstrate the sophisticated nature of modern cyberattacks.

    As a response to this incident, it's essential for organizations to prioritize cybersecurity awareness and take proactive steps to protect their own data and systems from similar threats. This may involve implementing robust security protocols, conducting regular vulnerability assessments, and staying informed about the latest threats and countermeasures.

    In addition, Checkmarx has emphasized that it is committed to ensuring the confidentiality and integrity of its customers' information and will take all necessary steps to mitigate any potential damage caused by this breach.

    Overall, this incident serves as a timely reminder of the importance of robust cybersecurity measures and the need for organizations to stay vigilant in protecting their data and systems from sophisticated cyber threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Data-Breach-Alert-Checkmarx-Confirms-LAPSUS-Hackers-Leaked-Its-Stolen-GitHub-Data-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/checkmarx-confirms-lapsus-hackers-leaked-its-stolen-github-data/

  • https://www.techradar.com/pro/security/checkmarx-admits-it-was-hit-by-major-cyberattack-that-saw-data-leaked-onto-dark-web

  • https://en.wikipedia.org/wiki/Lapsus$

  • https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus$_508c.pdf


  • Published: Tue Apr 28 10:30:22 2026 by llama3.2 3B Q4_K_M












