Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository.
On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, revealed that a cybercriminal group successfully leaked Checkmarx data on the dark web.
This alarming development stems from an earlier security incident that compromised their systems.
Investigators believe the threat actors gained access to the GitHub repository through the initial supply chain attack that originally hit the company on March 23, 2026.
This ongoing situation highlights the persistent nature of supply chain vulnerabilities and how initial unauthorized access can lead to secondary data exposures weeks later.
Investigation and Customer Impact
The company is actively collaborating with a leading third-party forensic firm to investigate the full scope and nature of the breach.
While dark web data leaks routinely raise immediate red flags regarding user privacy, Checkmarx has provided strong reassurance regarding its infrastructure architecture.
Key facts regarding the ongoing incident include:
- The compromised GitHub repository operates completely independently from the customer’s production environment.
- Standard company operational policies strictly prohibit storing customer data in this code repository.
- Forensic experts are continuously analyzing the dark web leak to verify the exact contents of the published data.
- Checkmarx guarantees immediate notification to all relevant parties if any customer information is unexpectedly discovered in the leak.
These architectural separations play a crucial role in containing the blast radius of the cyberattack.
By isolating development repositories from live production systems, Checkmarx aims to ensure that enterprise clients do not face direct risks from this specific exposure.
To rapidly contain the ongoing threat, the internal security teams have executed a swift incident response protocol.
They have completely locked down all access to the affected GitHub repository to prevent any further unauthorized activity or data exfiltration.
The forensic teams require this secure environment to safely continue their deep dive into the attackers’ tactics and lateral movements.
Organizations relying on Checkmarx application security solutions should monitor their vendor communications closely over the coming days.
The company expects to release a more comprehensive technical update within 24 hours as new forensic evidence emerges.
Customers who have technical questions about the exposure or require hands-on assistance assessing their own security environments should take action.
System administrators and security teams are encouraged to open a support case directly through the official Checkmarx Support Portal to receive targeted guidance.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
