
Checkmarx on a Malware Binge

A security firm’s bad luck in a world where hackers target everything.

Over the past six weeks, cybersecurity giant Checkmarx has faced back-to-back supply-chain attacks from malicious actors, with its own GitHub account compromised for the second time. The first incident involved the widely used vulnerability scanner Trivy, which was breached by attackers who then pushed malware to users. Four days later, Checkmarx’s own repository fell victim to a similar exploit, suggesting either incomplete remediation or a new breach.


On April 22, Checkmarx reported yet another wave of malware from its compromised GitHub account, raising questions about the thoroughness of its previous response. Further complicating matters, security firm Socket flagged that Checkmarx’s official Docker Hub repository also hosted malicious packages around the same time.


In a twist befitting a tech thriller, it was revealed last week that a ransomware group known as Lapsus$ had dumped a trove of stolen data from Checkmarx onto the dark web. The date stamp on this leak is March 30, indicating that attackers retained access to Checkmarx’s GitHub account after its initial breach on March 23, and efforts to expel them were unsuccessful.


As if this weren’t enough, Checkmarx has described a ransomware attack from prolific hackers following these incidents. The company is now working to contain and recover from yet another round of malicious activity, leaving users to wonder how many more layers of security are truly foolproof in today’s interconnected world.

Original source: https://arstechnica.com/information-technology/2026/04/why-a-recent-supply-chain-attack-singled-out-security-firms-checkmarx-and-bitwarden/