Checkmarx Confirms GitHub Data Leak on Dark Web Repository Published

An ongoing security incident at application security testing firm Checkmarx has significantly escalated, the company confirmed.

Cybercriminals have officially published company data on the dark web. This new development directly ties back to a supply chain attack that initially compromised the company’s systems on March 23, 2026.

Working alongside a leading third-party forensic firm, Checkmarx traced the leaked information directly to its corporate GitHub repository.

The attackers leveraged the initial March breach to bypass security controls and gain unauthorized access to this specific developer environment.

GitHub repositories are frequent targets for threat actors because they often contain proprietary source code and internal infrastructure details.

By stealing this data, cybercriminals typically attempt to identify new vulnerabilities or extort the victim company.

Isolating the Repository

Following the discovery of the dark web leak, Checkmarx immediately implemented critical containment measures.

The incident response team locked down all access to the affected GitHub repository to prevent further unauthorized activity.

This lockdown gives their forensic investigators a secure, isolated environment to analyze the full scope of the breach.

The team is currently working to identify exactly what source code or internal documentation the cybercriminal group managed to exfiltrate during the attack window.

Securing the repository is a vital step to sever the attackers’ access and preserve digital evidence.

One major concern during any corporate data breach is the safety of sensitive customer information.

Checkmarx has provided strong reassurances regarding the security of client data and production environments.

Key security safeguards currently protecting users include:

• Maintaining the compromised GitHub repository entirely separate from customer production environments.
• Enforce strict corporate policies that prohibit storing customer data within any GitHub repositories.
• Continuing active forensic investigations to verify the exact nature and scope of the posted dark web data.
• Committing to immediate notification protocols if the investigation reveals any unexpected customer data exposure.

Because developer environments and production servers are strictly segmented, the risk of threat actors pivoting from the GitHub repository into active customer instances remains incredibly low.

Next Steps for Users

Checkmarx is currently working around the clock to analyze the leaked files discovered on the dark web.

The company expects to share a more detailed technical update within 24 hours as its forensic team uncovers more evidence.

Organizations that use Checkmarx tools should closely monitor official communications.

While the current evidence suggests customer data is safe, security teams should always remain vigilant following a supply chain incident.

If you have immediate questions or need assistance assessing your own environment’s security posture, Checkmarx advises opening a direct case through their official Support Portal.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.