
Checkmarx/kics Docker Hub repository hit by network compromise

Incident
Happening score 14 · 2 unique sources, 2 articles

Summary


Checkmarx's official checkmarx/kics Docker Hub repository suffered a supply-chain compromise that could expose secrets gathered during infrastructure-as-code scans. Unknown threat actors overwrote existing tags, including v2.1.20 and alpine, and added a bogus v2.1.21 image; because Docker Hub tags are mutable, a pull by tag rather than by digest during that window would fetch the poisoned content. The modified KICS binary could encrypt scan output and send it to an external endpoint, putting credentials found in Terraform, CloudFormation and Kubernetes files at risk of theft. Related Checkmarx Visual Studio Code extension releases also contained malicious code, indicating the compromise reached beyond a single repository.
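The security-relevant lesson of this incident is that a tag such as v2.1.20 is a mutable pointer, while a digest names immutable content. The following is an added worked example written for this page, not code from Checkmarx or from the KICS project: it records the digest an operator vetted, compares it against what `docker image inspect` later reports for the same tag, and flags manifest `image:` references that rely on a bare tag. The inspect output, the manifest and the sha256 values are constructed for the example and are not real checkmarx/kics digests; the function names `verify_pins` and `unpinned_references` are the example's own.

```python
"""Added example (not part of the original page or of Checkmarx/KICS tooling):
detecting a tag overwrite by comparing served digests against recorded pins,
and finding image references that are not pinned at all."""
import json
import re

# Constructed allowlist: the digest recorded when the image was first vetted.
# In practice this comes from the registry API or `docker buildx imagetools inspect`
# at vetting time, never from the same pull that is being checked.
PINNED = {
    "checkmarx/kics:v2.1.20": "sha256:" + "a" * 64,   # constructed value
}

# Constructed excerpt of `docker image inspect` output after a later pull of the
# same tag. RepoDigests is what the registry actually served; the tag alone says
# nothing about which content it points to today.
INSPECT_AFTER_OVERWRITE = json.dumps([{
    "RepoTags": ["checkmarx/kics:v2.1.20"],
    "RepoDigests": ["checkmarx/kics@sha256:" + "b" * 64],   # constructed value
}])

# Constructed excerpt for the benign case: the served digest matches the pin.
INSPECT_CLEAN = json.dumps([{
    "RepoTags": ["checkmarx/kics:v2.1.20"],
    "RepoDigests": ["checkmarx/kics@sha256:" + "a" * 64],
}])

# Constructed Kubernetes manifest mixing tag-only and digest-pinned references.
SAMPLE_MANIFEST = """\
apiVersion: v1
kind: Pod
spec:
  containers:
    - name: kics
      image: checkmarx/kics:v2.1.20
    - name: kics-alpine
      image: "checkmarx/kics:alpine"
    - name: kics-pinned
      image: checkmarx/kics@sha256:%s
""" % ("a" * 64)

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
IMAGE_LINE_RE = re.compile(r"^\s*-?\s*image:\s*['\"]?([^'\"\s]+)")


def verify_pins(inspect_json: str, pins: dict) -> list:
    """Return (tag, expected_digest, served_digest) for every pinned tag whose
    served digest differs from the recorded one. An empty list means all pins hold.
    A served digest of None means the image carries no RepoDigests at all
    (for example a locally built image), which also fails the pin."""
    findings = []
    for image in json.loads(inspect_json):
        served = {}
        for ref in image.get("RepoDigests", []):
            repo, _, digest = ref.partition("@")
            if not DIGEST_RE.match(digest):
                raise ValueError(f"malformed digest in {ref}")
            served[repo] = digest
        for tag in image.get("RepoTags", []):
            expected = pins.get(tag)
            if expected is None:
                continue                      # not a pinned tag; nothing to enforce
            repo = tag.rsplit(":", 1)[0]      # strip the tag, keep registry:port/repo
            actual = served.get(repo)
            if actual != expected:
                findings.append((tag, expected, actual))
    return findings


def unpinned_references(manifest_lines) -> list:
    """Return every `image:` reference that uses a mutable tag with no @sha256
    digest. A reference of the form repo:tag@sha256:... counts as pinned."""
    found = []
    for line in manifest_lines:
        match = IMAGE_LINE_RE.match(line)
        if match and "@sha256:" not in match.group(1):
            found.append(match.group(1))
    return found


if __name__ == "__main__":
    for tag, want, got in verify_pins(INSPECT_AFTER_OVERWRITE, PINNED):
        print(f"PIN MISMATCH {tag}: recorded {want}, registry served {got}")
    for ref in unpinned_references(SAMPLE_MANIFEST.splitlines()):
        print(f"UNPINNED {ref}: pull by digest instead")
```

The practical consequence is to pull and deploy with `checkmarx/kics@sha256:<digest>` rather than `checkmarx/kics:v2.1.20`, and to treat any change in the served digest for a pinned tag as a re-vetting event, not as a routine update. The check only helps if the pin was recorded from an image vetted before the overwrite; a digest captured from an already-poisoned pull just locks in the poisoned content.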

Related Happenings

Mistral AI hit by network compromise

Incident
First: 15.05.2026 01:50 Last: 15.05.2026 01:50 Sources 1

About this happening: Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....

TanStack hit by network compromise

Incident
First: 12.05.2026 17:45 Last: 12.05.2026 17:45 Sources 1

About this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...

Latest development: 21.05.2026 11:00

On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after gaining access to the firm's GitHub environment. The company later said additional internal operational information, along with business contact names and email addresses, had been taken from its GitHub repositories. Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.

Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials

Campaign
First: 12.05.2026 14:29 Last: 12.05.2026 14:29 Sources 1

About this happening: The **Shai-Hulud** **supply-chain campaign** remains active across **npm**, **PyPI**, and **Composer**, with the latest reporting tying **TeamPCP** to both a claimed **GitHub inte...

Mini Shai-Hulud npm supply-chain malware wave

Malware Activity
First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...

Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace

Security Tool/Service
First: 12.05.2026 01:03 Last: 12.05.2026 01:03 Sources 1

How related: On Saturday, May 9, a rogue version (2026.5.09) of the Checkmarx Jenkins AST plugin was uploaded to repo.jenkins-ci.org.

About this happening: A **rogue 2026.5.09 release** of the **Checkmarx Jenkins AST plugin** was uploaded to **repo.jenkins-ci.org**, undermining trust in a security-scanning component used in **Jenkins...

Timeline

  1. 22.04.2026 20:55 · 2 articles

    Checkmarx KICS Docker Hub repository poisoned

    Initial Disclosure

    Unknown threat actors poisoned the official Checkmarx checkmarx/kics Docker Hub repository by overwriting existing tags, including v2.1.20 and alpine, and adding a bogus v2.1.21 tag; related Checkmarx developer tooling was also found to contain malicious code. The modified KICS binary could generate an uncensored scan report, encrypt it, and send it to an external endpoint, creating a risk that secrets or credentials present in Terraform, CloudFormation or Kubernetes scans were exposed. The related Microsoft Visual Studio Code extension used the Bun runtime to download and run a remote addon without user confirmation or integrity verification of the downloaded code.
