Signal

Checkmarx confirms LAPSUS$ leaked stolen GitHub data amid supply chain attack

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-27 23:33 UTCUpdated 2026-04-28 14:50 UTC

rss

breachesthreat_actorssecurity_toolingsupply_chain

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

BleepingComputer · News · bleepingcomputer.com · 2026-04-28 14:50 UTC

Ongoing supply-chain attack 'explicitly targeting' security, dev tools

theregister_security · News · go.theregister.com · 2026-04-27 23:33 UTC

limited source diversity in top sources

View all evidence

Overview

Checkmarx has become the latest victim in an ongoing supply chain attack campaign targeting security and development tool providers. The LAPSUS$ extortion group claimed responsibility for leaking stolen data from Checkmarx's private GitHub repository, including source code and sensitive secrets. This breach underscores the growing threat to software supply chains and the potential impact on organizations relying on compromised security tooling.

Entities

CheckmarxLAPSUS$

Score total

1.01

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

The leak is part of an ongoing supply chain attack campaign affecting multiple security vendors.
Recent confirmation by Checkmarx underscores the immediacy and scale of the threat.
Raises urgent concerns for organizations relying on compromised security and development tools.

Why it matters

Highlights risks to software supply chains from targeted attacks on security tooling providers.
Exposes sensitive source code and secrets that could be exploited by threat actors.
Demonstrates the growing sophistication and impact of threat groups like LAPSUS$.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

LAPSUS$ leaked source code and secrets stolen from Checkmarx's private GitHub repository.

How sources frame it

BleepingComputer: neutral
The Register: neutral

Consolidated recent reports confirming LAPSUS$ data leak from Checkmarx GitHub repository amid ongoing supply chain attacks.

All evidence

Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

BleepingComputer · bleepingcomputer.com · 2026-04-28 14:50 UTC

Ongoing supply-chain attack 'explicitly targeting' security, dev tools

theregister_security · go.theregister.com · 2026-04-27 23:33 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

BleepingComputer (1)
theregister_security (1)

Top origin domains (this list)

bleepingcomputer.com (1)
go.theregister.com (1)