Checkmarx Data Leak Linked to Supply-Chain Attack by TeamPCP

Severity: High (Score: 71.0)

Sources: checkmarx.com, ramp.com, Foro3D, Theregister, socket.dev

Summary

Checkmarx, a software security firm, is investigating a significant data leak after its GitHub repository was compromised in a supply-chain attack on March 23, 2026. The attack, attributed to the TeamPCP cybercrime group, involved the injection of credential-stealing malware into Checkmarx's KICS tool, which allowed unauthorized access to sensitive company data. The leaked information includes source code, API keys, and employee details, posing a risk to client projects. Checkmarx has locked down the affected repository and is working to assess the scope of the breach. The incident highlights vulnerabilities in DevOps environments where third-party integrations can expose sensitive credentials. The attackers initially compromised Trivy, an open-source vulnerability scanner, to gain access to Checkmarx's systems. As of April 27, 2026, Checkmarx has not confirmed the full extent of the data leak but is expected to provide updates soon.

Key Points

  • Checkmarx's GitHub repository was compromised in a supply-chain attack on March 23, 2026.
  • The attack was executed by the TeamPCP group, utilizing malware injected into the KICS tool.
  • Sensitive data leaked includes source code, API keys, and employee information.

Key Entities

  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • Trojan (attack_type)
  • Aqua Security (company)
  • Checkmarx (company)
  • Mercor (company)
  • Open VSX (company)
  • Telnyx (company)
  • Bitwarden (tool)
  • GitHub Actions (tool)
  • KICS (tool)
  • LiteLLM (tool)
  • Open VSX Plugins (tool)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • T1567.002 - Exfiltration to Cloud Storage (mitre_attack)
  • Docker Hub (platform)
  • GitHub (platform)
  • Bitwarden CLI (platform)
  • Open VSX Marketplace (platform)
  • Vect (ransomware_group)