BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Checkmarx KICS Docker Images Found Laced With Malware

Checkmarx KICS tool hacked in Docker Hub, steals scan data in widespread supply chain attack.

  • Malicious images were uploaded to the official Checkmarx Docker Hub repository for its KICS security tool.
  • The compromised software could scan infrastructure files, collect sensitive data like credentials, and exfiltrate it to external endpoints.
  • The incident appears to be part of a broader supply chain compromise affecting multiple Checkmarx distribution channels, including Visual Studio Code extensions.
  • Organizations that used the affected tool should treat any exposed secrets from scans as compromised.

Cybersecurity researchers revealed on April 22, 2026, that unknown threat actors compromised the official Docker Hub repository for Checkmarx‘s KICS infrastructure security scanning tool. According to an alert by software supply chain security company Socket, malicious images overwritten existing tags and introduced a new unauthorized version. Consequently, the Docker repository has been archived.

- Advertisement -

Analysis indicated the poisoned binary was modified to include data collection and exfiltration capabilities absent in the legitimate version. The malware could reportedly generate an uncensored scan report, encrypt it, and send it to an external endpoint. Meanwhile, further investigation uncovered that related Checkmarx developer tooling may also have been affected, such as recent Microsoft Visual Studio Code extension releases containing malicious code to download and run a remote addon.

“The evidence suggests this is not an isolated Docker Hub incident, but part of a broader supply chain compromise affecting multiple Checkmarx distribution channels,” Socket noted. Organizations that may have used the affected KICS image to scan Terraform, CloudFormation, or Kubernetes configurations should therefore treat any secrets or credentials exposed during those scans as likely compromised.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Oracle Shares Tumble 6.5% as Iran Conflict Sparks Market Sell-Off

Oracle shares fell 6.5% on Monday amid a market-wide sell-off triggered by the escalation...

FLEOA endorses CLARITY Act ahead of Senate recess

The CLARITY Act secured a second endorsement from a major law enforcement group, the...

OpenAI’s new guide: shorter prompts, better GPT-5.6 Sol results

OpenAI published a dedicated prompting guide for GPT-5.6 Sol that changes earlier advice.Internal coding-agent...

Bitcoin Drops 4% on Geopolitical Tensions, Market Risk-Off

Bitcoin fell to $61,750.90 on Monday, July 13, as geopolitical tensions over the Strait...

New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords

Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer...

Must Read

8 Best Bitcoin Offshore Hosting Providers

In this blog post, we'll list the top 8 best bitcoin offshore hosting providers that accept Bitcoin and other cryptocurrencies.As Bitcoin continues to grow...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading