Malicious KICS images and VS Code extensions in Checkmarx supply chain

Colleagues, a cybersecurity alert: the Checkmarx supply chain has been compromised. Malicious KICS images and VS Code extensions have been detected.
What happened:
- Per Socket: tags in the checkmarx/kics repository on Docker Hub were overwritten (including v2.1.20 and alpine) and an unofficial v2.1.21 was added; the repository was then archived.
- The altered KICS build encrypted scan reports and exfiltrated them to an external endpoint.
- The Checkmarx VS Code extension versions 1.17.0 and 1.19.0 fetched remote code via Bun without confirmation; 1.18.0 did not.
Why it matters: secrets that appeared in IaC scan results are likely compromised, so an immediate audit is required.
How do you respond to such incidents?
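As a first audit step for the response this post asks about, here is an added shell example (not from Checkmarx, Socket or the original post) that flags references to the checkmarx/kics tags named above and any tag-based reference that is not pinned to a digest; the sample lines and the digest value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: audit image references for the
# checkmarx/kics tags the alert names and for any reference not pinned to a
# digest. The sample input below is constructed for illustration.

# Tags the alert reports as overwritten (v2.1.20, alpine) or unofficial (v2.1.21).
AFFECTED_TAGS="v2.1.20 alpine v2.1.21"

# Classify one image reference:
#   AFFECTED - tag named in the alert
#   MUTABLE  - any other tag (or implicit :latest); can be silently replaced
#   PINNED   - carries an @sha256 digest (only trustworthy if that digest was
#              recorded before the tags were overwritten)
#   OTHER    - not a checkmarx/kics reference
classify_ref() {
  ref="$1"
  case "$ref" in
    *checkmarx/kics*) ;;
    *) echo OTHER; return ;;
  esac
  case "$ref" in
    *@sha256:*) echo PINNED; return ;;
  esac
  name="${ref##*/}"                # strip registry and namespace
  tag="${name#*:}"
  [ "$tag" = "$name" ] && tag=latest
  for t in $AFFECTED_TAGS; do
    [ "$tag" = "$t" ] && { echo AFFECTED; return; }
  done
  echo MUTABLE
}

# Read Dockerfile / CI YAML / docker-run lines on stdin, print one status line
# per checkmarx/kics reference, and return 1 if any is AFFECTED or MUTABLE.
audit_refs() {
  found=0
  while IFS= read -r line; do
    for word in $line; do
      case "$word" in *checkmarx/kics*) ;; *) continue ;; esac
      word=${word#\"}; word=${word%\"}   # drop YAML double quotes
      status=$(classify_ref "$word")
      printf '%-8s %s\n' "$status" "$word"
      case "$status" in AFFECTED|MUTABLE) found=1 ;; esac
    done
  done
  return "$found"
}

# Constructed sample covering each case; the digest is a placeholder.
run_sample() {
  printf '%s\n' \
    'FROM checkmarx/kics:v2.1.20' \
    '  image: "checkmarx/kics:alpine"' \
    'docker run -v "$PWD:/src" checkmarx/kics scan -p /src' \
    'FROM checkmarx/kics@sha256:PLACEHOLDER_DIGEST' | audit_refs
}

if [ "${1:-}" = "--sample" ]; then run_sample; fi
```

Run it as `sh audit.sh --sample` to see the report, or pipe your own Dockerfiles and pipeline YAML into `audit_refs`; a non-zero exit means at least one reference needs attention.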
#cybersecurity #supplychain #IaC #DevSecOps

