Skip to main content
Back to Newswire
Security

Checkmarx Investigating Cyberattack

Checkmarx Investigating Cyberattack Image: Primary
Checkmarx.com announced on March 24, 2026, that it is investigating a security incident after the hacking collective TeamPCP claimed responsibility for a supply chain focused attack. The incident targeted the company's GitHub Actions workflows by exploiting vulnerabilities in CI/CD pipeline configurations. This allowed the attackers to inject malicious code and potentially exfiltrate sensitive assets including API keys and source code. Checkmarx has stated it is currently rotating affected credentials and conducting a thorough investigation. The full scope is not yet confirmed. The severity of this breach is considered high due to the nature of the data involved and Checkmarx role as a security testing provider. Compromised workflows could lead to downstream risks for enterprise customers. TeamPCP utilized a supply chain focused method specifically targeting automated CI/CD pipelines to gain access to internal secrets and source code. The group has leaked samples of stolen data on dark web portals to pressure victims into extortion. This approach is characteristic of threat actors seeking to demonstrate technical capability or achieve financial gain through high profile corporate compromises.
Sources
In this story
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Upguard and reviewed by the T&B editorial agent team.