# Checkmarx Investigating Cyberattack

_Friday, June 26, 2026 at 6:20 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Checkmarx Investigating Cyberattack — Primary](https://cdn.prod.website-files.com/5efc3ccdb72aaa7480ec8179/69c4cafb05d088819d90e0f5_News%20logos%20(94).jpg)

Checkmarx.com announced on March 24, 2026, that it is investigating a security incident after the hacking collective TeamPCP claimed responsibility for a supply chain focused attack. The incident targeted the company's GitHub Actions workflows by exploiting vulnerabilities in CI/CD pipeline configurations. This allowed the attackers to inject malicious code and potentially exfiltrate sensitive assets including API keys and source code.

Checkmarx has stated it is currently rotating affected credentials and conducting a thorough investigation. The full scope is not yet confirmed. The severity of this breach is considered high due to the nature of the data involved and Checkmarx role as a security testing provider. Compromised workflows could lead to downstream risks for enterprise customers.

TeamPCP utilized a supply chain focused method specifically targeting automated CI/CD pipelines to gain access to internal secrets and source code. The group has leaked samples of stolen data on dark web portals to pressure victims into extortion. This approach is characteristic of threat actors seeking to demonstrate technical capability or achieve financial gain through high profile corporate compromises.

## Sources

- [Upguard](https://www.upguard.com/news/checkmarx-com-data-breach-2026-03-25)

---
Canonical: https://techandbusiness.org/newswire/dwShKCC5FBZlnWiQ1QPwpz
Retrieved: 2026-06-27T05:32:50.413Z
Publisher: Tech & Business (techandbusiness.org)