New Checkmarx Supply-Chain Breach Impacts KICS Analysis Tool
Recent reports have revealed a significant breach in the Checkmarx supply chain, affecting Docker images, VS Code, and Open VSX extensions used with the KICS analysis tool. This breach allowed hackers to access sensitive data from developer environments.
KICS, an acronym for Keeping Infrastructure as Code Secure, is a vital open-source scanner that aids developers in identifying security vulnerabilities within source code, dependencies, and configuration files.
The tool is primarily utilized locally through CLI or Docker, processing critical infrastructure configurations that often contain confidential information such as credentials, tokens, and internal architecture details.
Following an alert from Docker regarding malicious images pushed to the official checkmarx/kics Docker Hub repository, Socket, a dependency security company, initiated an investigation into the incident.
The investigation uncovered a breach that expanded beyond the trojanized KICS Docker image to compromise VS Code and Open VSX extensions. These extensions downloaded a concealed ‘MCP addon’ feature designed to deploy malware for stealing secrets.
Socket identified that the ‘MCP addon’ feature downloaded a multi-stage credential theft and propagation component named mcpAddon.js from a hardcoded GitHub URL.
According to researchers, the malware specifically targeted data processed by KICS, including GitHub tokens, cloud credentials (AWS, Azure, Google Cloud), npm tokens, SSH keys, Claude configurations, and environment variables. The stolen data was encrypted and sent to audit.checkmarx[.]cx, a domain mimicking legitimate Checkmarx infrastructure. Additionally, public GitHub repositories were automatically created for data exfiltration.
[Figure: Automatically created GitHub repositories. Source: Socket]
Note that the Docker tags were only temporarily repointed to a malicious digest, so the impact is limited to users who pulled them during that window: the DockerHub KICS image was at risk from 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC.
Affected tags have now been restored to their legitimate image digests, and the fake v2.1.21 tag has been completely removed.
Developers who downloaded the compromised components are advised to assume their secrets have been compromised, rotate them promptly, and rebuild their environments from a secure starting point.
Although the TeamPCP hackers, known for the Trivy and LiteLLM supply-chain compromise, claimed responsibility for the attack publicly, researchers could not definitively attribute it beyond pattern-based correlations.
Checkmarx, an application security testing company, has been contacted for a statement, but no immediate response was received by BleepingComputer.
Checkmarx has released a security bulletin addressing the incident, confirming the removal of all malicious artifacts and the revocation and rotation of exposed credentials. The company is currently collaborating with external experts to investigate further and promises to share additional information as it becomes available.
Users of the compromised tool are advised to block access to ‘checkmarx.cx => 91[.]195[.]240[.]123’ and ‘audit.checkmarx.cx => 94[.]154[.]172[.]43,’ utilize pinned SHAs, revert to known safe versions, and rotate secrets and credentials if compromise is suspected or confirmed.
The latest secure versions of the affected projects are: DockerHub KICS v2.1.20, Checkmarx ast-github-action v2.3.36, Checkmarx VS Code extensions v2.64.0, and Checkmarx Developer Assist extension v1.18.0.
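As an added example (not code from the article, Socket or Checkmarx), the following Python audit applies the bulletin's advice to build inputs: it flags references to the fake v2.1.21 tag, reports mutable image tags and action refs that are not digest- or SHA-pinned against the listed safe versions, and tells whether a recorded pull time falls inside the risky window. The sample Dockerfile and workflow lines are constructed for the demonstration.

```python
import re
from datetime import datetime, timezone

# Values reported in the article: the fake tag, the restored safe versions, and the repointed-tag window.
FAKE_TAGS = {"checkmarx/kics": {"v2.1.21"}}
SAFE_VERSIONS = {"checkmarx/kics": "v2.1.20", "checkmarx/ast-github-action": "v2.3.36"}
RISKY_WINDOW = (datetime(2026, 4, 22, 14, 17, 59, tzinfo=timezone.utc),
                datetime(2026, 4, 22, 15, 41, 31, tzinfo=timezone.utc))

# Dockerfile FROM lines and GitHub Actions `uses:` lines that reference the affected projects.
IMAGE_RE = re.compile(r"FROM\s+(?:--platform=\S+\s+)?(checkmarx/kics)(?::([\w.\-]+))?(?:@(sha256:[0-9a-f]{64}))?")
ACTION_RE = re.compile(r"uses:\s*(checkmarx/ast-github-action)@(\S+)")
GIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def in_risky_window(pulled_at_iso: str) -> bool:
    """True if a pull at this ISO-8601 timestamp (with UTC offset) fell inside the repointed-tag window."""
    start, end = RISKY_WINDOW
    return start <= datetime.fromisoformat(pulled_at_iso).astimezone(timezone.utc) <= end

def audit_line(line: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for one Dockerfile or workflow line."""
    if m := IMAGE_RE.search(line):
        name, tag, digest = m.groups()
        if digest:
            return []  # digest-pinned: immutable, unaffected by a tag being repointed
        if tag in FAKE_TAGS[name]:
            return [("CRITICAL", f"{name}:{tag} is the fake tag; assume secrets processed by KICS are compromised")]
        return [("WARN", f"{name}:{tag or 'latest'} is a mutable tag; pin the digest of {SAFE_VERSIONS[name]}")]
    if m := ACTION_RE.search(line):
        name, ref = m.groups()
        if GIT_SHA_RE.match(ref):
            return []  # pinned to a full commit SHA
        sev = "WARN" if ref == SAFE_VERSIONS[name] else "HIGH"
        return [(sev, f"{name}@{ref} is a mutable ref; pin the commit SHA of {SAFE_VERSIONS[name]}")]
    return []

def audit_files(files: dict[str, str]) -> list[tuple[str, int, str, str]]:
    """Audit {path: contents}; returns one (path, line_no, severity, message) per finding."""
    out = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            out.extend((path, n, sev, msg) for sev, msg in audit_line(line))
    return out

# Constructed sample inputs (not from the article) so the block runs offline.
SAMPLE = {
    "Dockerfile": "FROM checkmarx/kics:v2.1.21 AS kics\nFROM checkmarx/kics@sha256:" + "0" * 64 + "\n",
    ".github/workflows/scan.yml": "      - uses: checkmarx/ast-github-action@v2.3.36\n      - uses: checkmarx/ast-github-action@main\n",
}
```

Running audit_files(SAMPLE) reports the fake tag as CRITICAL and the two mutable action refs as WARN and HIGH, while the digest-pinned image produces no finding; a pull recorded inside the window should be handled as a confirmed compromise per the bulletin.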