A cybersecurity firm has confirmed that data stolen from its GitHub repository has been published on the dark web. The disclosure comes as part of an ongoing investigation into a supply chain security incident that began in late March.
Checkmarx, an application security testing company, stated that evidence gathered so far indicates the leaked data originated from its GitHub repository. The company believes unauthorized access to that repository was achieved through an initial supply chain attack that took place on March 23, 2026.
The company made the announcement in a security advisory issued to its customers and the wider cybersecurity community. The advisory did not specify the exact nature of the data that was published or the identity of the cybercriminal group allegedly responsible for the leak.
Nature of the Incident
The March 23 attack targeted the software supply chain. Supply chain attacks involve compromising a trusted third party, such as a software vendor, to gain access to the systems of their customers. In this case, the attackers initially breached a part of Checkmarx’s infrastructure before moving laterally to the GitHub repository.
Checkmarx’s platform is used by developers to identify security vulnerabilities in code during the software development lifecycle. A compromise of its repository could potentially expose proprietary source code, internal tooling, or configuration files that could be used in further attacks against the company or its clients.
The company has not confirmed whether any customer data, proprietary algorithms, or sensitive credentials were included in the leaked material. Security researchers are currently analyzing the published data to assess its potential impact.
Response and Investigation
Checkmarx stated that its investigation is ongoing. The company has engaged external cybersecurity experts to assist with the forensic analysis and to determine the full scope of the breach. The company has also notified relevant law enforcement authorities.
As part of its response, Checkmarx said it has implemented additional security measures to prevent further unauthorized access. This includes rotating credentials, reviewing access controls, and auditing the security of its GitHub repositories and related development infrastructure.
The firm advised customers to review their own security postures and to monitor for any unusual activity that could be linked to the incident. However, Checkmarx did not issue a mandatory patch or recommend specific software updates at this time.
Broader Implications for the Industry
The incident highlights ongoing risks associated with software supply chain security. The attack on Checkmarx follows a pattern of recent breaches where threat actors target code repositories and development environments. Such attacks can have cascading effects, as compromised software components are distributed to end users.
The publication of internal company data on the dark web represents a significant escalation from the initial breach. It suggests that the attackers have successfully exfiltrated and are now monetizing or weaponizing the stolen information. This development increases the urgency for organizations to secure their software supply chains and to monitor for signs of compromise.
Cybersecurity professionals note that attackers often combine supply chain compromises with data extortion. Once data is published on the dark web, the potential for reputational damage, intellectual property theft, and regulatory scrutiny grows significantly.
Checkmarx has not provided a timeline for completing its investigation. The company stated that it will continue to provide updates as new information becomes available. Industry observers expect that the full impact of the data leak will take weeks or months to assess fully.
