// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
ColdRecon / Breach Radar / Checkmarx
Breach Record

Checkmarx

DISCLOSED 2026-04-28 · SUPPLY CHAIN

Checkmarx suffered a supply chain incident where attackers gained unauthorized access to GitHub repositories, likely via the TeamPCP attack on Trivy scanner, leading to publication of malicious Jenkins AST plugin artifacts. Customer data was not stored in the affected repositories, but data exfiltration occurred on March 30, 2026, with stolen data later published by LAPSUS$.

The record

What we know

Disclosed
2026-04-28
Attack vector
Supply Chain
Sources

Cited reporting

Similar vector · recent

Other supply chain breaches on file

This page is the permanent ColdRecon entry for the Checkmarx disclosure. It updates if new public reporting emerges. All tracked breaches →

Checkmarx just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →