New Checkmarx supply-chain breach affects KICS analysis tool

📅 23 April 2026 at 16:05 UTC📰 Bleeping ComputerView original source ↗

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Hackers compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments.

⚙️Technical Details

Affected Systems

Checkmarx KICS analysis tool

💥Impact Assessment

Severity: High

Who Is at Risk

Developers who have downloaded the compromised Checkmarx KICS analysis tool

🛡️Recommended Actions

1Rotate secrets and credentials as soon as possible

2Rebuild environments from a known safe point

3Block access to 'checkmarx.cx => 91[.]195[.]240[.]123' and 'audit.checkmarx.cx => 94[.]154[.]172[.]43'

📦Affected Products

Checkmarx KICS analysis tool

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed