# Checkmarx supply chain security incident on March 23, 2026 _Friday, June 26, 2026 at 4:39 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_ ![Checkmarx supply chain security incident on March 23, 2026 — Primary](https://checkmarx.com/wp-content/uploads/2026/05/hero-april-27-1.png) Checkmarx identified a cybersecurity supply chain incident on March 23, 2026. Attackers gained unauthorized access to the company's GitHub repositories on March 19, 2026, due to the Trivy Supply Chain Attack. This access enabled the publication of malicious code to a number of externally distributed artifacts. The artifacts include VS Code extensions, GitHub Actions workflows, and a Jenkins plugin. Checkmarx also reported that a cybercriminal group published data to the dark web originating from the repositories. The company has conducted an investigation with the support of external forensic specialists including Mandiant. The investigation is in its final stages. Key actions taken include removing malicious artifacts and publishing clean, verified replacements across all affected channels. Checkmarx rotated and revoked exposed credentials. It blocked outbound access to infrastructure controlled by the attacker. The company locked down access to affected GitHub repositories while the investigation continues. Checkmarx engaged law enforcement and notified relevant authorities. It retained Mandiant to bolster the investigation. The company is conducting a code audit to verify no further malicious code is present beyond findings already identified. Mandiant confirmed that the AWS production environment was not impacted. There was no threat actor access to the Checkmarx One SaaS environment. Threat actor activity was limited to the Checkmarx GitHub environment, a limited number of infected workstations, and initial reconnaissance of Checkmarx AWS credentials. The last evidence of threat actor activity occurred on April 22, 2026. Malicious code has been removed from the GitHub environment. Checkmarx has implemented additional security controls and is reviewing environments for indications of further compromise. ## Sources - [Checkmarx](https://checkmarx.com/blog/ongoing-security-updates/) --- Canonical: https://techandbusiness.org/newswire/dwShKCC5FBZlnWiQ1PppSn Retrieved: 2026-06-27T00:57:04.777Z Publisher: Tech & Business (techandbusiness.org)