Supply chain

Checkmarx Docker Hub repository compromised with malicious images

April 23, 2026

By SC Staff

The official Checkmarx KICS Docker Hub repository has been compromised with malicious images, posing a significant threat to software supply chain security. Threat actors overwrote existing tags and introduced a new one containing a modified KICS binary with data collection capabilities, according to a recent report by The Hacker News.

The compromised images, including tags like v2.1.20 and alpine, were found to contain a modified KICS binary designed to exfiltrate sensitive data from scan reports to an external endpoint, according to an alert from Socket. This poses a severe risk to organizations using KICS to scan infrastructure-as-code files, which may contain credentials and other confidential information.

Additionally, malicious code was discovered in recent Microsoft Visual Studio Code extension releases associated with Checkmarx tooling, enabling the download and execution of remote addons without user confirmation. Versions 1.17.0 and 1.19.0 of these extensions are confirmed to be affected.

This incident highlights a broader trend of supply chain attacks targeting widely used development tools and repositories. Organizations that used the affected KICS image or extensions should assume any secrets or credentials exposed during scans are compromised and take immediate steps to rotate them.

Source: The Hacker News
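Because the report describes existing tags being overwritten, any pipeline that pulled the image by tag could have received the modified binary. The following is an added example, not code from the article or from Checkmarx: it scans CI or compose text for KICS image references and separates tag-based pulls from digest-pinned ones. The repository name `checkmarx/kics`, the function name and the sample file are assumptions made for illustration.

```python
import re

# Assumption: Docker Hub name of the repository the article describes.
KICS_REPO = "checkmarx/kics"
# Tags the article names as compromised ("including", so not exhaustive).
NAMED_TAGS = {"v2.1.20", "alpine"}

IMAGE_RE = re.compile(
    r"(?<![\w./-])(?:docker\.io/)?" + re.escape(KICS_REPO) + r"(?![\w/-])"
    r"(?::(?P<tag>\w[\w.-]{0,127}))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)

def classify_kics_refs(text):
    """Return (line_number, reference, status) for each KICS image reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in IMAGE_RE.finditer(line):
            tag, digest = m.group("tag"), m.group("digest")
            if digest:
                # Content cannot change under this reference, but the digest
                # still has to be compared with a known-good value.
                status = "digest-pinned"
            elif tag in NAMED_TAGS:
                status = "tag-named-in-report"
            else:
                # Any other tag, or no tag (implicit "latest"), can be
                # overwritten in the registry; treat the pull as exposed.
                status = "mutable-tag"
            findings.append((lineno, m.group(0), status))
    return findings

# Constructed sample compose file; the digest is a placeholder, not a real one.
SAMPLE = "\n".join([
    "services:",
    "  scan-a:",
    "    image: checkmarx/kics:v2.1.20",
    "  scan-b:",
    "    image: checkmarx/kics:alpine",
    "  scan-c:",
    "    image: checkmarx/kics",
    "  scan-d:",
    "    image: docker.io/checkmarx/kics:v2.1.0@sha256:" + "a" * 64,
    "  other:",
    "    image: example/checkmarx/kics-mirror:1.0",
])

if __name__ == "__main__":
    for lineno, ref, status in classify_kics_refs(SAMPLE):
        print(f"line {lineno}: {status:20} {ref}")
```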