CHECKMARX CONFIRMS LAPSUS$ LEAKED STOLEN GITHUB DATA

Checkmarx disclosed the data leak after LAPSUS$ published stolen materials online. The threat group, known for high-profile breaches targeting major tech and financial firms, accessed the company's private GitHub repositories containing proprietary source code and security tools. The incident marks another successful attack against a cybersecurity vendor, a pattern LAPSUS$ has demonstrated repeatedly. The group typically combines theft with extortion, threatening to release data unless ransom demands are met. Checkmarx has not disclosed the full scope of compromised data or confirmed ransom demands. The company has begun notifying affected customers and partners. Separately, GitHub announced it will begin charging Copilot users based on actual AI usage rather than flat-rate subscriptions, citing escalating inference costs from heavy users. The pricing shift reflects growing demand for AI coding tools and the computational expenses required to support them at scale.