Checkmarx KICS Docker repo compromised in supply chain attack that exposed secrets

Checkmarx KICS users need to treat this as a real supply chain incident. Malicious images were pushed to the official checkmarx/kics Docker Hub repository on April 22, 2026, and the poisoned builds could collect scan output and send it to attacker-controlled infrastructure. That matters because KICS scans infrastructure-as-code files such as Terraform, CloudFormation, and Kubernetes […] The post Checkmarx KICS Docker repo compromised in supply chain attack that exposed secrets appeared first on VPN Central.