Checkmarx Breach Expands Supply Chain Attack

Checkmarx confirms GitHub compromise after Lapsus$ leaks source code and credentials; attack chain hits Bitwarden CLI affecting 10M+ users.

Sources: 1 verified
Updated: Tuesday, 28 April 2026 at 05:01 UTC

Checkmarx confirmed a GitHub repository compromise after the Lapsus$ hacking group published alleged source code, API keys, and database credentials. The breach originated from a March 23 attack on Checkmarx's KICS tool, which itself stemmed from TeamPCP's earlier compromise of Aqua Security's Trivy scanner. The malware-laced KICS binary exfiltrated infrastructure-as-code scan results containing credentials. The attack chain now extends to Bitwarden CLI, affecting over 10 million users and 50,000 businesses.