TeamPCP returns to Checkmarx weeks after the first breach — a clear sign incident response failed — while ShinyHunters claims a Canvas LMS compromise affecting nine thousand universities worldwide. Today's briefing breaks down both supply chain attacks and what incomplete remediation really costs.
Audio is available on Spreaker — see link below.
Checkmarx was breached again, by the same threat actor.
To put this in context, TeamPCP has been running a coordinated campaign across the developer toolchain since March. Their targets include Checkmarx's KICS Docker image, VS Code extensions, GitHub Actions workflows, and a compromised Bitwarden CLI package on npm.
Separately, ShinyHunters claimed a breach of Instructure's Canvas platform. Canvas is the dominant learning management system in higher education globally.
The Canvas breach reinforces a pattern that's worth stating plainly. Education institutions consolidate enormous volumes of sensitive data through third-party SaaS platforms, and those platforms are attractive targets precisely because of that concentration.
Two things are worth watching closely from here. On the Checkmarx side, the key question is whether they can now identify and close every persistence mechanism TeamPCP established.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.