Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

The Hacker News

Overview

Checkmarx has confirmed that data from its GitHub repository was posted on the dark web following a supply chain attack on March 23, 2026. The company is currently investigating the breach and believes that the attackers gained access to its repository during this incident. This exposure could have significant implications for Checkmarx and its clients, as sensitive information may have been compromised. The incident highlights the ongoing risks associated with supply chain vulnerabilities, emphasizing the need for companies to enhance their security measures. As the investigation continues, Checkmarx is likely to provide further updates on the extent of the data breach and potential impacts on affected users.

Key Takeaways

  • Affected Systems: Checkmarx GitHub repository data
  • Timeline: Ongoing since March 23, 2026

Original Article Summary

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Remediation

Not specified

Additional Information

Related Topics: This incident relates to Data Breach.

Related Coverage

Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line

CyberScoop

Senators Maggie Hassan and Jim Banks have reached out to Navigate360 after a hacker claimed to have accessed sensitive student data from a school safety tip line that was designed to be anonymous. This incident raises serious concerns about the security measures in place for tools meant to protect students and ensure their safety. The hackers' actions could put the personal information of students at risk, potentially leading to misuse or exploitation. The senators are seeking clarity on how this breach occurred and what steps are being taken to secure the data moving forward. This situation emphasizes the need for robust security protocols in educational tools that handle sensitive information.

Apr 27, 2026

Firefox and Tor Browser vulnerability allowed hidden identifiers

SCM feed for Latest

A vulnerability in Firefox and the Tor Browser has been discovered, linked to how IndexedDB, a database used by these browsers to store data, operates. This flaw can potentially expose hidden identifiers, which can compromise user privacy and anonymity. Both browsers are widely used, especially by individuals seeking enhanced privacy online, making this issue particularly concerning. Users of these browsers should be aware of the risks associated with this vulnerability, as it may allow malicious actors to track their online activities. It is crucial for users to stay updated with the latest browser patches to mitigate these risks.

Apr 27, 2026

BlackFile actively extorting data-theft victims in retail and hospitality sector

CyberScoop

A group of attackers known as BlackFile is actively extorting companies in the retail and hospitality sectors by threatening to release stolen data. Researchers believe these attackers are linked to another group called The Com. In a disturbing tactic, they have reportedly swatted company executives, which involves falsely reporting emergencies to law enforcement to create fear and pressure victims into complying with ransom demands. This aggressive strategy not only harms the targeted businesses but also raises concerns about the safety and privacy of their executives and employees. Companies in these sectors need to be vigilant about their cybersecurity measures and consider the potential risks of data breaches and extortion attempts.

Apr 27, 2026

Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected

Infosecurity Magazine

Itron, a technology supplier for utility companies, has reported a cyber incident but believes that its operations remain unaffected. The company has not provided detailed information about the nature of the attack or whether any sensitive data was compromised. Despite the incident, Itron reassured stakeholders that it does not expect any significant impact on its business. This revelation raises concerns about the cybersecurity measures in place within critical infrastructure sectors, as attacks on utility suppliers can have broader implications for service delivery and public safety. Stakeholders in the utilities sector should remain vigilant and conduct thorough assessments of their cybersecurity protocols.

Apr 27, 2026

Medtronic confirms breach after hackers claim 9 million records theft

BleepingComputer

Medtronic, a major player in the medical device industry, recently confirmed that its network was breached by hackers who accessed sensitive data from its corporate IT systems. The attackers claim to have stolen approximately 9 million records, raising significant concerns about the security of personal health information. While Medtronic has not disclosed specific details about the affected data or the nature of the breach, the incident underscores the vulnerability of healthcare organizations to cyberattacks. As the healthcare sector increasingly relies on digital systems, this breach serves as a reminder of the potential risks to patient privacy and the importance of robust cybersecurity measures. Medtronic is currently investigating the breach and working to secure its systems to prevent further incidents.

Apr 27, 2026

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

Security Affairs

A Chinese national executed a spear-phishing campaign targeting NASA employees by impersonating a U.S. researcher. This deception led to the unauthorized sharing of sensitive information related to defense software and export controls. The NASA Office of Inspector General is investigating the incident, which raises concerns about national security and the vulnerability of governmental agencies to social engineering attacks. Such incidents can have serious implications, as they may compromise sensitive technologies and data. The case underscores the need for enhanced cybersecurity measures and employee training to prevent future breaches.

Apr 27, 2026