Checkmarx has confirmed that attackers stole 96 gigabytes of data during last month's supply chain attack on its KICS open source project, including source code, employee databases, API keys, and database credentials. The breach, attributed to the TeamPCP hacking group with potential ties to the Lapsus$ extortion gang, began when hackers compromised Checkmarx's GitHub environment through credentials stolen in the earlier Trivy attack and poisoned multiple plugins and workflows. Despite remediation efforts including revoking credentials and removing malicious packages, the attackers regained access in late April and published another round of malicious code, also compromising the popular Bitwarden command-line interface package.