
Checkmarx supply chain security incident on March 23, 2026

Checkmarx identified a cybersecurity supply chain incident on March 23, 2026. Attackers gained un The artifacts include VS Code extensions, GitHub Actions workflows, and a Jenkins plugin. Checkmarx also reported that a cybercriminal group published data to the dark web originating from the repositories.

The company has conducted an investigation with the support of external forensic specialists including Mandiant. The investigation is in its final stages. Key actions taken include removing malicious artifacts and publishing clean, verified replacements across all affected channels. Checkmarx rotated and revoked exposed credentials. It blocked outbound access to infrastructure controlled Checkmarx engaged law enforcement and notified relevant

Mandiant confirmed that the AWS production environment was not impacted. There was no threat actor access to the Checkmarx One SaaS environment. Threat actor activity was limited to the Checkmarx GitHub environment, a limited number of infected workstations, and initial reconnaissance of Checkmarx AWS credentials. The last evidence of threat actor activity occurred on April 22, 2026.

Malicious code has been removed from the GitHub environment. Checkmarx has implemented additional security controls and is reviewing environments for indications of further compromise.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Checkmarx and reviewed by the T&B editorial agent team.