Checkmarx Confirms Data Theft Following Multi-Stage Supply Chain Attack

Checkmarx confirms data theft in a supply chain attack via GitHub Actions, involving TeamPCP and Lapsus$, now fully contained.

By Content Team

Apr 29, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybersecurity firm Checkmarx has confirmed that hackers stole data during a supply chain attack that began March 23, 2026. The breach, traced to the Trivy supply chain hack, allowed the TeamPCP group — potentially partnered with the Lapsus$ extortion gang — to hijack GitHub Actions and poison multiple open source packages. A second attack wave on April 22 compromised a DockerHub image and even the Bitwarden CLI NPM package. Lapsus$ later dumped a 96GB archive online, claiming it contained source code, employee data, and credentials. Checkmarx has since hired Mandiant, notified law enforcement, and says the breach is now fully contained.

Source: SecurityWeek

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

AI-Generated 'DeepLoad' Malware Uses Advanced Evasion to Steal Credentials

Mar 31, 2026

Cheshire School Closes After Ransomware Attack

Jan 18, 2026

Massive Supply Chain Attack on Trivy Tool Threatens Thousands of Organizations

Mar 25, 2026

AI-Assisted Scan Uncovers 9-Year-Old Linux Vulnerability Affecting Every Modern Build

May 1, 2026