Skip to content
The Nexus
DossierENTITY

Checkmarx

Coverage of Checkmarx in the Nexus archive.

Earliest in view: Apr 22 · 17:55 UTCMost recent: May 11 · 22:03 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 11 · 22:03 UTCBLEEPING COMPUTER
    Official CheckMarx Jenkins package compromised with infostealer

    A rogue version of Checkmarx's Jenkins Application Security Testing plugin was published on the Jenkins Marketplace, compromising the security of users. The compromised plugin is a version of the official CheckMarx Jenkins package. This incident poses a significant risk to users' sensitive information.

  • SECURITYMay 11 · 18:30 UTCTHE HACKER NEWS
    TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

    Checkmarx confirmed a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace after a supply chain attack. Users are advised to use version 2.0.13-829.vc72453fa_1c16 or previously. The incident occurred weeks after the KICS supply chain attack.

  • SECURITYMay 11 · 12:11 UTCTHE REGISTER
    Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

    Checkmarx's Jenkins plugin was sabotaged by TeamPCP, a malicious group that has compromised the company's packages multiple times. The compromised plugin was available on the Jenkins Marketplace and could have given attackers access to source code and secrets. Checkmarx is working to remove the malicious version and update customers.

  • SECURITYApr 29 · 11:00 UTCARS TECHNICA
    Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

    Security firm Checkmarx has been targeted in multiple supply-chain attacks over 40 days, including a breach of the Trivy vulnerability scanner and a ransomware attack. Attackers compromised GitHub accounts to deliver malware to users, stealing credentials like repository tokens and SSH keys.

  • SECURITYApr 28 · 14:50 UTCBLEEPING COMPUTER
    Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

    Checkmarx, an application security company, confirmed that the LAPSUS$ threat group leaked data from its private GitHub repository. The incident involves stolen code or sensitive information from the company's internal systems.

  • SECURITYApr 27 · 23:33 UTCTHE REGISTER
    Ongoing supply-chain attack 'explicitly targeting' security, dev tools

    Checkmarx, a software security testing company, has been targeted in a supply-chain attack by the Lapsus$ group, which claimed to have leaked their source code and sensitive data from a GitHub repository. The breach highlights ongoing attacks explicitly targeting security and development tools.

  • SECURITYApr 27 · 14:19 UTCTHE HACKER NEWS
    Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

    Checkmarx confirmed that data from its GitHub repository was posted on the dark web following a supply chain attack on March 23, 2026. The company attributes the breach to a cybercriminal group exploiting the initial attack to access sensitive repository data.

  • SECURITYApr 23 · 16:05 UTCBLEEPING COMPUTER
    New Checkmarx supply-chain breach affects KICS analysis tool

    Hackers compromised Docker images, VSCode, and Open VSX extensions for Checkmarx's KICS analysis tool to steal sensitive data from developer environments. The breach exploits the supply chain to harvest information from affected systems.

  • SECURITYApr 23 · 14:17 UTCHACKER NEWS
    Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

    Bitwarden CLI was compromised in an ongoing supply chain campaign attributed to Checkmarx. The incident highlights vulnerabilities in software distribution channels, with the compromised CLI tool potentially exposing users to malicious activity.

  • SECURITYApr 23 · 13:42 UTCTHE HACKER NEWS
    Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

    Bitwarden CLI version 2026.4.0 was compromised in the Checkmarx supply chain campaign, with malicious code found in 'bw1.js'. Socket identified the attack, which leveraged a supply chain vulnerability.

  • SECURITYApr 22 · 17:55 UTCTHE HACKER NEWS
    Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

    Cybersecurity researchers warned of malicious Docker images and VS Code extensions in Checkmarx's supply chain. Socket revealed threat actors overwrote tags like v2.1.20 and alpine in the 'checkmarx/kics' Docker Hub repository and introduced a fake v2.1.21 tag.

Checkmarx · Dossier · The Nexus