> TritonInfoSec News
Home / Apr 24, 2026 / Story
0
#3 BleepingComputer general April 23, 2026 at 16:05 UTC

New Checkmarx supply-chain breach affects KICS analysis tool

By Bill Toulas

AI Summary

Attackers compromised Docker images, VSCode extensions, and Open VSX extensions for Checkmarx's KICS security analysis tool, embedding credential-stealing payloads that harvest sensitive data from developer environments. The supply chain attack targets security teams using KICS for infrastructure-as-code scanning, potentially exposing secrets across multiple development projects.

Read full article → https://www.bleepingcomputer.com/news/security/new…

Relevance score: 88.0/100

# More from April 24

  1. 1
    CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March The Record
  2. 2
    Bitwarden CLI npm package compromised to steal developer credentials BleepingComputer
  3. 4
    UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware The Hacker News
  4. 5
    UK warns of Chinese hackers using proxy networks to evade detection BleepingComputer
  5. 6
    New GopherWhisper APT group abuses Outlook, Slack, Discord for comms BleepingComputer
  6. 7
    Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case The Hacker News
  7. 8
    CISA orders feds to patch BlueHammer flaw exploited as zero-day BleepingComputer
  8. 9
    Hackers exploit file upload bug in Breeze Cache WordPress plugin BleepingComputer
  9. 10
    US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied CyberScoop