Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Published on April 22, 2026

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The

Continue reading on website
Other news

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

April 22, 2026
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data

Kyber ransomware gang toys with post-quantum encryption on Windows

April 22, 2026
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. [...]