Supply Chain Attack Targets Checkmarx Software Packages
The Israel National Cyber Directorate (INCD) has issued an alert regarding a supply chain attack that compromised several software packages maintained by Checkmarx. Malicious code was reportedly injected into these packages. Organizations are strongly advised to verify that they are not using the compromised versions of these packages and to use only legitimate versions released by Checkmarx.
If your organization used the affected software packages during the period of compromise, additional mitigation steps are required. The INCD directs users to consult the “Mitigation Strategies” and “Immediate Actions” sections within their original advisory for detailed guidance. The National Cyber Directorate will provide updates to this alert as necessary.
What This Means For You
- Verify the integrity of all third-party software dependencies and immediately update or replace any identified as compromised, following vendor-provided remediation guidance.
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
Suspicious Download of Checkmarx Related Software Packages
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| INCD Alert | Supply Chain Attack | Compromised Checkmarx Software Packages |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | INCD |
| Channel | Israel National Cyber Directorate |
| Channel ID | incd |
| Message ID | 1991 |
| Published | April 23, 2026 at 15:00 UTC |
| Original Link | https://www.gov.il/he/pages/alert_1991 |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.