:

CHECKMARX KICS TOOL COMPROMISED IN SUPPLY-CHAIN ATTACK

AI DESK1 MIN READ
THU, APR 23, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Hackers have compromised multiple distribution channels for Checkmarx's KICS analysis tool, including Docker images and code editor extensions, to extract sensitive data from developer environments.

The attack targeted Docker images, VSCode extensions, and Open VSX extensions used to deliver the KICS infrastructure-as-code security scanner. The compromised packages could harvest credentials and other sensitive information from developers' machines during installation and use. KICS is widely used to scan Terraform, CloudFormation, Kubernetes, and other infrastructure-as-code files for misconfigurations. The tool's integration into popular development workflows means the breach potentially affected multiple organizations across industries. Checkmarx has not disclosed the attack timeline or number of affected users. The incident underscores risks in software supply chains where trusted tools serve as vectors for data theft. Organizations using KICS through affected channels should rotate credentials and review access logs for suspicious activity. Developers should verify package integrity and use only official distribution sources going forward.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.

3H AGOIndustry Desk

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

9H AGOSecurity Desk

A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.

10H AGOSecurity Desk

Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.

15H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.