Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
22 April 2026
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository.
In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The