The attacker exfiltrated source code and proprietary information from multiple GitHub repositories, prompting an ongoing investigation with law enforcement.
How the Attack Unfolded
Checkmarx, an application security company, confirmed that sensitive data from its GitHub repositories was posted on the dark web following a security breach on March 23. The attackers gained access to the company’s internal systems and exfiltrated source code and other proprietary information from its repositories. Checkmarx has not disclosed the exact method of entry but stated that they are working with law enforcement and forensic experts to investigate the incident.
Impact and Scope
The leaked data includes source code from multiple Checkmarx repositories, which could expose intellectual property and internal development practices. While Checkmarx has not reported any customer data being compromised, the breach poses a risk of threat actors analyzing the code for vulnerabilities or using it to craft targeted attacks. The company has advised customers to monitor for suspicious activity and has implemented additional security measures to prevent future incidents. No specific CVEs were linked to this breach at the time of reporting.
Source: The Hacker News
