Supply Chain Attack Targets Checkmarx Software Packages

The Israel National Cyber Directorate (INCD) has issued an alert regarding a supply chain attack that compromised several software packages maintained by Checkmarx. Malicious code was reportedly injected into these packages. Organizations are strongly advised to verify that they are not using the compromised versions of these packages and to use only legitimate versions released by Checkmarx.

If your organization used the affected software packages during the period of compromise, additional mitigation steps are required. The INCD directs users to consult the “Mitigation Strategies” and “Immediate Actions” sections of its original advisory for detailed guidance. The National Cyber Directorate will update this alert as necessary.


What This Means For You

  • Verify the integrity of all third-party software dependencies and immediately update or replace any identified as compromised, following vendor-provided remediation guidance.

🛡️ Detection Rules

3 detection rules mapped to MITRE ATT&CK. Free Sigma YAML below.

Suspicious Download of Checkmarx Related Software Packages (severity: medium; T1195, Initial Access)

Indicators of Compromise

ID | Type | Indicator
INCD Alert Supply Chain Attack Compromised Checkmarx Software Packages

Source & Attribution

Source Platform: INCD
Channel: Israel National Cyber Directorate
Channel ID: incd
Message ID: 1991
Published: April 23, 2026 at 15:00 UTC
Original Link: https://www.gov.il/he/pages/alert_1991

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
