Checkmarx Confirms Data Theft in GitHub Supply Chain Attack

Checkmarx confirmed that data was stolen in a supply chain attack targeting its GitHub environment on March 30. The breach occurred one week after hackers published malicious code, though the specific threat actor was not explicitly named in the incident. No technical details about the exfiltrated data, such as file types or volume, were disclosed. The attack aligns with tactics previously associated with groups like Lapsus$ and TeamPCP, though attribution remains unconfirmed. The incident underscores risks in software supply chain security, particularly within version control platforms.