Checkmarx Confirms Data Stolen in Supply Chain Attack
The hackers exfiltrated the data from Checkmarx’s GitHub environment on March 30, a week after publishing malicious code. The post Checkmarx Confirms Data Stolen in Supply Chain Attack appeared first on SecurityWeek.
Checkmarx on Tuesday confirmed that last month’s supply chain attack targeting its KICS open source project also resulted in data theft.
The compromise stemmed from the Trivy supply chain attack and allowed the attackers to hijack dozens of GitHub Action version tags, re-pointing them at malicious code without any visible change to the actions themselves.
Attributed to the infamous TeamPCP hacking group, the compromise was part of a large campaign targeting multiple open source software ecosystems for credential and sensitive information theft.
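The tag hijacking described above works because a `uses: owner/action@v4` reference resolves to wherever that tag currently points, whereas a full 40-hex commit SHA is immutable. As an added example (not code from the article, Checkmarx, or GitHub), the scanner below flags every `uses:` reference in a workflow that is pinned to a mutable tag or branch rather than a commit SHA; the sample workflow and the SHA in it are constructed.

```python
import re

# Constructed sample workflow: mixes tag-pinned, SHA-pinned, local and
# container actions so each classification path is exercised.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
      - name: IaC scan
        uses: checkmarx/kics-github-action@v2
"""

# Matches "uses:" whether it starts a step ("- uses:") or follows "- name:".
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"#\s]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_uses(workflow_text):
    """Return (reference, status) for every `uses:` line in the workflow.

    "sha"     pinned to a full commit SHA; the tag owner cannot move it
    "mutable" pinned to a tag or branch that can be re-pointed at other code
    "local"   path inside the calling repo; governed by that repo's history
    "docker"  container image; digest pinning is a separate check
    """
    results = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            results.append((ref, "local"))
        elif ref.startswith("docker://"):
            results.append((ref, "docker"))
        else:
            _, _, version = ref.partition("@")
            results.append((ref, "sha" if SHA_RE.match(version) else "mutable"))
    return results


def mutable_refs(workflow_text):
    """References an attacker with push rights to the action repo could repoint."""
    return [ref for ref, status in audit_uses(workflow_text) if status == "mutable"]
```

Run `mutable_refs` over each file under `.github/workflows/` in CI and fail the job when the list is non-empty; the comment after a SHA (`# v5`) keeps the pin readable for humans.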
Source: https://www.securityweek.com/checkmarx-confirms-data-stolen-in-supply-chain-attack/
Related breach coverage
- Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks (2026-04-30)
An attacker could have planted a malicious configuration to execute commands outside the sandbox.
- SAP NPM Packages Targeted in Supply Chain Attack (2026-04-30)
The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.
- Critical GitHub Vulnerability Exposed Millions of Repositories (2026-04-29)
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.
- Vimeo Confirms User and Customer Data Breach (2026-04-28)
The ShinyHunters group is threatening to leak stolen files unless Vimeo agrees to pay a ransom.
