Data BreachBleeping Computer
9.5 — CRITICAL
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
The LAPSUS$ threat group leaked data stolen from Checkmarx's private GitHub repository, using the Trivy supply-chain attack as access vector.
⚙️Technical Details
Affected Systems
Checkmarx's GitHub repositories
Attack Vectors
Trivy supply-chain attackRenewed access or month-long persistence
💥Impact Assessment
Severity: critical
Who Is at Risk
Customers of Checkmarx who used the affected KICS security scanner
🛡️Recommended Actions
1Monitor GitHub repositories for suspicious activity
2Verify credentials and config files for signs of tampering
3Implement additional security measures to prevent similar supply-chain attacks
📦Affected Products
Checkmarx's KICS security scanner
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.