
"Current evidence indicates that this data originated from Checkmarx's GitHub repositories, and that access to those repositories was facilitated through the initial supply chain attack of March 23, 2026."
"The hackers accessed Checkmarx's GitHub environment using credentials compromised via the Trivy hack on March 23 and poisoned two OpenVSX plugins and two GitHub Actions workflows."
"Despite these measures, the attackers either retained or regained access to the environment, and on April 22, published a fresh round of malicious code by poisoning a DockerHub KICS image, a GitHub action, a VS Code extension, and a Developer Assist extension."
Checkmarx confirmed that a supply chain attack on its KICS open source project led to data theft. The attack, attributed to TeamPCP, involved hijacking GitHub Action version tags so that they pointed at malware. Lapsus$ also claimed responsibility, stating they stole source code, employee databases, API keys, and credentials. The attackers accessed Checkmarx's GitHub environment using credentials compromised in the Trivy hack. Despite security measures, the attackers published more malicious code, affecting various platforms, including the Bitwarden CLI NPM package.
Read at SecurityWeek