CHECKMARX KICS TOOL COMPROMISED IN SUPPLY-CHAIN ATTACK

The attack targeted Docker images, VSCode extensions, and Open VSX extensions used to deliver the KICS infrastructure-as-code security scanner. The compromised packages could harvest credentials and other sensitive information from developers' machines during installation and use. KICS is widely used to scan Terraform, CloudFormation, Kubernetes, and other infrastructure-as-code files for misconfigurations. The tool's integration into popular development workflows means the breach potentially affected multiple organizations across industries. Checkmarx has not disclosed the attack timeline or number of affected users. The incident underscores risks in software supply chains where trusted tools serve as vectors for data theft. Organizations using KICS through affected channels should rotate credentials and review access logs for suspicious activity. Developers should verify package integrity and use only official distribution sources going forward.