Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Published: 1 day ago (April 22, 2026 at 01:55 PM EDT)

1 min read

Source: The Hacker News

Cybersecurity researchers have warned of malicious images pushed to the official checkmarx/kics Docker Hub repository.

In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to overwrite existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release.

Back to Blog

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security...

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Overview Chinese‑speaking individuals are the target of a new campaign that uses a trojanized version of the SumatraPDF reader to deploy the AdaptixC2 Beacon p...

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

Summary A high‑severity security flaw in LMDeploy, an open‑source toolkit for compressing, deploying, and serving large language models LLMs, has been actively...

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Sa...

Related posts

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories