These events underscore the critical vulnerability of security tools themselves, showing how attackers can exploit multiple vectors to impact the industry.
Furthermore, Checkmarx revealed that a ransomware group known as Lapsus$ had leaked private data on the dark web. This data, dated March 30, indicated that the attackers maintained access to the company's GitHub repositories after the initial detection of the compromise.
Additionally, it was reported that Checkmarx's Docker Hub repository also published malicious packages around the same time.
Subsequently, Checkmarx's GitHub account was compromised, leading to the distribution of new waves of malware to the security firm's users. Despite containment efforts, the malicious access persisted, suggesting failures in initial remediation.
These incidents began on March 19 with the compromise of Trivy, a popular vulnerability scanner. Attackers accessed Trivy's GitHub and used that access to distribute malware to its users, including Checkmarx.
The security company Checkmarx has faced a difficult period, enduring multiple supply chain attacks within a 40-day span.