Lapsus$ Claims Checkmarx Breach, Google Adjusts Bug Bounty, Blackwater Hits Hospitals
Cyber Updates - Asher Tamam reports that the Lapsus$ group claims to have taken 96GB of data from Checkmarx, allegedly using credentials stolen via the Trivy scanning tool. The purported data includes details of a Linux 0-day vulnerability (dubbed “Copy Fail”) and other findings affecting major organizations. The claim is the group's own and is presented as unverified. If it holds, it illustrates the risk a compromised security or supply chain tool poses: a scanner that runs inside CI with registry, repository and build credentials is a direct path into development environments and the intellectual property they hold.
Separately, Google is recalibrating its bug bounty programs, decreasing Chrome rewards while increasing Android payouts, with a sharper focus on high-impact, complex vulnerabilities. The shift likely reflects the rising effectiveness of AI-assisted tooling at finding simpler bugs, which pushes researchers toward more sophisticated findings. Meanwhile, French authorities arrested a 15-year-old, known as “breach3d,” suspected of selling 12-18 million stolen records from ANTS (France's secure-documents agency), a reminder that opportunistic data theft is a persistent threat regardless of the perpetrator’s age.
In other developments, a ransomware attack on Minidoka Hospital in the US is attributed to the Blackwater group, which is threatening to publish stolen data within seven days, another critical hit on the vulnerable healthcare sector. Trellix also confirmed unauthorized access to part of its source code repository, though no evidence of public release or exploitation has been found so far. These incidents underscore the relentless targeting of critical infrastructure and the ongoing battle over sensitive intellectual property.
What This Means For You
- If your organization uses Checkmarx or Trivy, audit access logs for unusual activity now and rotate every credential those tools could reach: container registry tokens, source control tokens and any CI secrets exported to the scanning step. Treat the scanner's reach, not just the scanner itself, as the blast radius.
- The report gives no CVE, patch or technical details for "Copy Fail", so there is nothing specific to hunt for yet. Keep Linux kernels current, watch for a vendor advisory, and review systems for exposure to copy-on-write style flaws in the meantime.
- For healthcare CISOs, the Blackwater attack on Minidoka is a stark reminder to bolster ransomware defenses, review incident response plans, and test data recovery procedures against the seven-day publication deadline this group is using.
- If you use Trellix products, stay alert for official advisories about impacts from their source code breach; no exploitation has been reported so far.
Incident Summary (the source provides no technical indicators such as hashes, domains or IP addresses)
| ID | Category | Summary |
|---|---|---|
| Lapsus$-Checkmarx-Leak | Information Disclosure (claimed) | 96GB Checkmarx data leak claimed by Lapsus$, allegedly via credentials stolen from the Trivy tool |
| Linux-0-day | Privilege Escalation (claimed) | Linux 0-day vulnerability (“Copy Fail”) said to be among the leaked data; no CVE or patch given |
| ANTS-Data-Breach | Information Disclosure | 12-18 million records stolen from the ANTS agency; a 15-year-old suspect arrested |
| Minidoka-Hospital-Ransomware | Ransomware | Minidoka Hospital attack attributed to the Blackwater group; seven-day publication threat |
| Trellix-Source-Code-Access | Information Disclosure | Unauthorized access to part of Trellix's source code repository; no evidence of release or exploitation so far |