Steadvar — News without the noise

Security Firms Checkmarx and Bitwarden Affected by Supply Chain Attack

Technology · Business · 4/29/2026

A supply chain attack in March 2023 compromised access to Checkmarx's GitHub repositories, and the same attack appears to have affected Bitwarden. The attack was linked to the Trivy campaign by the TeamPCP group, which sells access credentials to other hackers.

Facts First

  • Checkmarx confirmed a data leak originating from its GitHub repositories.
  • The breach was part of a supply chain attack that occurred on March 23, 2023.
  • Security firm Bitwarden was also affected by the same supply-chain attack.
  • The attack was linked to the Trivy campaign executed by the TeamPCP group.
  • TeamPCP is an access-broker operation that sells credentials to other hackers, such as the ransomware group Lapsus$.

What Happened

Checkmarx stated that the leaked data originated from its GitHub repositories as a result of a supply chain attack that occurred on March 23, 2023. Socket reported that the security firm Bitwarden was also affected by the same supply-chain attack. Socket linked the Bitwarden breach to the Trivy campaign because the payload used the same command-and-control (C2) endpoint and core infrastructure as the malware targeting Checkmarx.

Why this Matters to You

If you use software or services from security firms like Checkmarx or Bitwarden, your data security may be indirectly affected by breaches in their development infrastructure. The attack chain suggests that hackers are targeting the tools that secure other systems, which could lead to broader vulnerabilities. The stolen credentials appear to have been sold to a ransomware group, which may increase the risk of downstream attacks on organizations you interact with.

What's Next

Checkmarx has not specified the types of data leaked, so users of its services may need to await further details from the company. Linking the attacks to the TeamPCP group and the Trivy campaign could help other organizations identify and defend against similar infrastructure compromises. Security teams are likely to scrutinize their own supply chain dependencies more closely following these incidents.

Perspectives

Security experts argue that attackers are increasingly treating security tools as both a primary target and a delivery mechanism to facilitate downstream compromises. They note that "attackers are treating security tools as both a target and a delivery mechanism, attacking products meant to protect the supply chain to steal credentials and move to subsequent victims."