:

CHECKMARX KICS TOOL COMPROMISED IN SUPPLY-CHAIN ATTACK

AI DESK1 MIN READ
THU, APR 23, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Hackers have compromised multiple distribution channels for Checkmarx's KICS analysis tool, including Docker images and code editor extensions, to extract sensitive data from developer environments.

The attack targeted Docker images, VSCode extensions, and Open VSX extensions used to deliver the KICS infrastructure-as-code security scanner. The compromised packages could harvest credentials and other sensitive information from developers' machines during installation and use. KICS is widely used to scan Terraform, CloudFormation, Kubernetes, and other infrastructure-as-code files for misconfigurations. The tool's integration into popular development workflows means the breach potentially affected multiple organizations across industries. Checkmarx has not disclosed the attack timeline or number of affected users. The incident underscores risks in software supply chains where trusted tools serve as vectors for data theft. Organizations using KICS through affected channels should rotate credentials and review access logs for suspicious activity. Developers should verify package integrity and use only official distribution sources going forward.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.

1H AGOSecurity Desk

Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.

1H AGOAI Desk

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

6H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

6H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.