Checkmarx Confirms Source Code Leak as Supply-Chain Attack on Security Tools Escalates
Checkmarx has confirmed that data posted by the Lapsus$ extortion group originated from its GitHub repository, accessed via a prior compromise of the Trivy open-source scanner in an ongoing supply-chain campaign targeting security and developer tools.

Software security testing firm Checkmarx has become the latest victim in an escalating supply-chain attack that is deliberately targeting security and developer tools. The company confirmed on Sunday that data posted online by the Lapsus$ extortion group appears to have come from one of its GitHub repositories, accessed on March 23, 2026 through the initial compromise of Trivy, an open-source vulnerability scanner maintained by Aqua Security.
The attack, carried out by a cybercrime group calling itself TeamPCP, began in late February when the group compromised Trivy's CI/CD secrets. On March 16, TeamPCP injected credential-stealing malware into Trivy, harvesting developers' secrets, cloud credentials, SSH keys, and Kubernetes configuration files, and planting persistent backdoors on developer machines. This intrusion gave the attackers an initial access vector into several other open-source tools, including LiteLLM, Telnyx, and Checkmarx's KICS static analysis tool.
On March 23, TeamPCP injected the same credential-stealing malware into KICS and pushed poisoned Docker images to the official checkmarx/kics Docker Hub repository. According to supply-chain security researchers at Socket, the poisoned image contained a modified KICS binary with data collection and exfiltration capabilities not present in the legitimate version. The malware could generate an uncensored scan report, encrypt it, and send it to an external endpoint, creating a serious risk for teams using KICS to scan infrastructure-as-code files.
The attackers also compromised additional Checkmarx developer tooling, including Checkmarx GitHub Actions and two Open VSX plugins. The stolen data includes source code, API keys, MongoDB and MySQL login credentials, and employee details. Checkmarx has locked down access to the affected repository and said it will notify all relevant parties immediately if any customer information was posted online.
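One control a team running these tools can apply immediately is to refuse mutable references (branch names, version tags, `:latest`) to third-party GitHub Actions and container images in CI, so a poisoned tag or image push like the ones described above cannot flow into a pipeline unnoticed. The following audit script is an added example, not code from the article or from Checkmarx, Aqua or Socket; the workflow it scans is constructed, and the commit SHA and image digest in it are placeholder values.

```python
import re

# Immutable references: a full 40-hex git commit for actions, a sha256 digest for images.
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")
IMAGE_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"]+)")
IMAGE_LINE = re.compile(r"^\s*image:\s*['\"]?([^\s'\"]+)")

def image_is_pinned(image: str) -> bool:
    """True only when the image reference carries a full sha256 digest."""
    return bool(IMAGE_DIGEST.search(image))

def action_is_pinned(ref: str) -> bool:
    """True for local actions, digest-pinned container actions, or commit-pinned repos."""
    if ref.startswith("./"):          # local action, versioned with the repository itself
        return True
    if ref.startswith("docker://"):   # container action: must be pinned by digest
        return image_is_pinned(ref[len("docker://"):])
    _, _, version = ref.partition("@")
    return bool(COMMIT_SHA.match(version))

def audit_workflow(text: str) -> list:
    """Return (line_no, kind, reference) for every mutable action or image reference."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_LINE.match(line)
        if m:
            if not action_is_pinned(m.group(1)):
                findings.append((n, "action", m.group(1)))
            continue
        m = IMAGE_LINE.match(line)
        if m and not image_is_pinned(m.group(1)):
            findings.append((n, "image", m.group(1)))
    return findings

# Constructed placeholder pins (not real Checkmarx or Aqua release identifiers).
PLACEHOLDER_COMMIT = "a1b2c3d4" * 5            # 40 hex characters
PLACEHOLDER_DIGEST = "0123456789abcdef" * 4    # 64 hex characters

# Constructed sample workflow exercising the tools named in the article.
SAMPLE_WORKFLOW = f"""jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: checkmarx/kics:latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: checkmarx/kics-github-action@{PLACEHOLDER_COMMIT}
      - uses: ./.github/actions/local-step
      - uses: docker://checkmarx/kics@sha256:{PLACEHOLDER_DIGEST}
"""

if __name__ == "__main__":
    for line_no, kind, ref in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: unpinned {kind} reference {ref}")
```

A digest pin only protects against later tag swaps; it does not help if the digest was captured from an already-poisoned build, so pair the audit with the vendors' published indicators for the affected releases.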
Late last week, Socket researchers revealed that open-source password manager Bitwarden's CLI was also compromised as part of the Checkmarx intrusion, vastly expanding the potential blast radius. Bitwarden claims more than 10 million users and over 50,000 businesses. "Attackers are deliberately targeting the tools developers are told to trust most: security scanners, password managers, and other high-privilege software wired directly into developer environments," Socket CEO Feross Aboukhadijeh told The Register.
After initially compromising Trivy, LiteLLM, KICS, and other open-source security tools, TeamPCP partnered with ransomware and extortion groups including Vect and Lapsus$, bragging on BreachForums that "we will pull off even bigger supply chain operations. We will chain these compromises into devastating follow-on ransomware campaigns." In early April, AI training startup Mercor confirmed it was one of thousands of companies affected by the LiteLLM supply-chain attack.
This campaign represents a dangerous evolution in supply-chain attacks, where adversaries are no longer just bypassing security tools but targeting them directly. As Aboukhadijeh noted, "They know these products are deeply embedded, highly trusted, and often massively overprivileged. That makes them incredibly effective attack vectors." The Checkmarx incident underscores the cascading risks when trusted developer infrastructure is weaponized against the very ecosystem it was designed to protect.