Checkmarx Investigating Cyberattack

Checkmarx.com announced on March 24, 2026, that it is investigating a security incident after the hacking collective TeamPCP claimed responsibility for a supply chain focused attack. The incident targeted the company's GitHub Actions workflows Checkmarx has stated it is currently rotating affected credentials and conducting a thorough investigation. The full scope is not yet confirmed. The severity of this breach is considered high due to the nature of the data involved and Checkmarx role as a security testing provider. Compromised workflows could lead to downstream risks for enterprise customers. TeamPCP utilized a supply chain focused method specifically targeting automated CI/CD pipelines to gain access to internal secrets and source code. The group has leaked samples of stolen data on dark web portals to pressure victims into extortion. This approach is characteristic of threat actors seeking to demonstrate technical capability or achieve financial gain through high profile corporate compromises.