ACCORDING to Checkmarx, the ongoing investigation into its supply chain security incident has found that a cybercriminal group published data related to the company on the dark web. The firm says, based on current evidence, that this data originated from Checkmarx’s GitHub repository and that access to that repository was facilitated through the initial supply chain attack of 23 March 2026.
The GitHub repository is maintained separately from the customer production environment, and Checkmarx emphasises that no customer data is stored in the repository. It has locked down access to the affected GitHub repository as part of its incident response, and will notify customers and all relevant parties immediately if customer information was involved.
The development follows a Dark Web Informer post claiming that the LAPSUS$ group listed three victims, including Checkmarx, with data such as source code and credentials appearing on the leak site. Checkmarx added that its forensic probe remains ongoing to verify the nature and scope of the posted data.