Checkmarx, a firm specializing in application security, faces an investigation after it was confirmed that company data was published on the dark web. The incident originated from a supply chain attack on March 23, 2026, that allowed unauthorized access to its GitHub repository. The company is working to mitigate the risks of this leak.
The weak link: the code repository as an entry point 🔐
Evidence suggests that cybercriminals exploited a vulnerability in the supply chain to access Checkmarx's GitHub repository. This type of attack is common in DevOps environments, where integrations with third-party tools can expose credentials or tokens. The leak includes data that could compromise client projects. The company recommends reviewing permissions and rotating access keys to reduce the impact.
The irony of a security firm ending up on the dark web 😅
That a company that sells protection against leaks ends up with its own data on the dark web has its comedic side. It's like a locksmith losing his master keys. While Checkmarx investigates, the attackers have already made their move. The curious thing is that access was achieved through a backdoor in the supply chain, something they themselves warn their clients about. The moral: no one is safe, not even those selling the insurance.