Overview
- The checkmarx/kics Docker Hub repo, which attackers accessed Wednesday using valid publisher credentials, briefly served images that quietly sent KICS scan results to audit.checkmarx.cx.
- The poisoned builds kept KICS scanning intact but added code that encrypted output and exfiltrated it with the KICS-Telemetry/2.0 user agent to attacker infrastructure.
- Multiple existing tags were overwritten, including latest, alpine, debian, and v2.1.20, and two fake releases appeared as the new tags v2.1.21 and v2.1.21-debian; all were built from an attacker-controlled GitHub repo created the day before.
- Docker disabled the malicious digests, restored the repo to a known-good March 3 image, and suspended the publisher account, with pulls during a narrow Wednesday UTC window posing the primary risk.
- Socket reports related Checkmarx VS Code and Open VSX extensions that fetched a hidden MCP addon to run remote code. Responders urge teams to rotate exposed secrets, repull by digest, purge caches, and check egress logs for audit.checkmarx.cx or the KICS-Telemetry/2.0 user agent, alongside tighter credential hygiene and layered defenses.
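The egress-log check recommended above, as an added example that is not part of the original summary: it flags connections to the exfiltration host (or any subdomain of it) and requests carrying the KICS-Telemetry/2.0 user agent. The key=value log layout and all sample lines are constructed for illustration, not any vendor's real schema.

```python
import re
from dataclasses import dataclass

# Indicators named in the incident summary: exfiltration host and custom User-Agent.
EXFIL_HOST = "audit.checkmarx.cx"
EXFIL_USER_AGENT = "KICS-Telemetry/2.0"

# Constructed egress-proxy log sample (assumed key=value layout, made-up hosts/IPs/times).
SAMPLE_EGRESS_LOG = """\
ts=2025-03-05T14:02:11Z src=10.20.1.15 method=GET host=github.com path=/checkmarx/kics ua="git/2.43.0"
ts=2025-03-05T14:05:47Z src=10.20.1.15 method=POST host=audit.checkmarx.cx path=/v1/ingest ua="KICS-Telemetry/2.0"
ts=2025-03-05T14:06:02Z src=10.20.1.22 method=GET host=registry-1.docker.io path=/v2/ ua="docker/26.1.3"
ts=2025-03-05T14:09:30Z src=10.20.1.22 method=POST host=cdn.audit.checkmarx.cx path=/v1/ingest ua="curl/8.5.0"
ts=2025-03-05T14:11:05Z src=10.20.1.40 method=POST host=telemetry.example.net path=/collect ua="KICS-Telemetry/2.0"
"""

LINE_RE = re.compile(r'ts=(?P<ts>\S+) src=(?P<src>\S+) method=(?P<method>\S+) host=(?P<host>\S+) path=(?P<path>\S+) ua="(?P<ua>[^"]*)"')

@dataclass
class Finding:
    ts: str
    src: str
    host: str
    reason: str

def host_matches(host: str, indicator: str) -> bool:
    """True for the indicator host itself or any subdomain of it (case-insensitive)."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)

def scan_egress_log(text: str) -> list[Finding]:
    """Return one Finding per log line that hits either indicator."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        reasons = []
        if host_matches(m["host"], EXFIL_HOST):
            reasons.append("host matches exfil domain")
        if m["ua"] == EXFIL_USER_AGENT:
            reasons.append("user-agent matches KICS-Telemetry/2.0")
        if reasons:
            findings.append(Finding(m["ts"], m["src"], m["host"], "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for f in scan_egress_log(SAMPLE_EGRESS_LOG):
        print(f"{f.ts} {f.src} -> {f.host}: {f.reason}")
```

Each finding gives the internal source address, which is the host whose pulled image digest and stored secrets should be checked first.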