A supply chain compromise has hit a tool designed to improve security: Docker images and VS Code / Open VSX extensions of Checkmarx's open-source scanner KICS were tampered with to steal secrets from development environments. KICS, run locally to analyze infrastructure as code, processes files and variables that often contain tokens, keys and sensitive configuration; turning that tool into the attack vector leaves workstations and organizations exposed to automated leaks of credentials and internal architecture.
According to the public investigation of the incident and Checkmarx's own announcement, the attackers introduced a hidden component, referred to as an "MCP addon", which was downloaded from a hard-coded URL and pulled in a multi-stage module to locate, encrypt and exfiltrate data such as GitHub tokens, AWS / Azure / GCP credentials, npm tokens, SSH keys, Claude-style assistant configurations and environment variables. Part of the exfiltration went to a domain that imitated Checkmarx's legitimate infrastructure, and part was done by automatically creating public GitHub repositories to store the stolen data.

The technical scope covers two vectors: Docker Hub tags that were temporarily repointed to a malicious digest during a specific interval, and IDE extensions that loaded the malicious addon. This means the impact depends on when the images or extensions were downloaded; Checkmarx restored the affected tags and removed the fake tag, but users who obtained them during that window must assume their secrets were compromised.
The practical implications are serious. Exposure of tokens and keys from development machines can grant access to repositories, cloud deployments, package registries and continuous-integration environments, enabling privilege escalation, leaks of sensitive code and backdoor deployments. Moreover, attackers who subvert a security tool exploit the developer's trust in that tool: the result is a high-impact attack with a low probability of immediate detection.
If you think you downloaded any of the affected versions, act now. Check Checkmarx's official security note for details and safe versions and follow its instructions: Checkmarx - Security update. As immediate measures, consider revoking and rotating all potentially exposed credentials (GitHub tokens, cloud keys, npm tokens, SSH keys), rebuilding environments from trusted baselines and blocking connections to the domains and IP addresses associated with the exfiltration. For instructions on how to revoke personal tokens and protect GitHub accounts, see the official guide: GitHub - Revoking personal access tokens.

Beyond urgent remediation, this incident reinforces practices that must be built into any pipeline: pinning images and extensions by digest and version, verifying the integrity and signatures of artifacts, using ephemeral, least-privilege credentials, and monitoring for repository creation or other unusual activity in linked accounts. Artifact signing tools such as Sigstore help raise confidence about which binaries and containers are consumed: Sigstore.
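Digest pinning is the control that would have made the repointed Docker Hub tags harmless, and it is easy to audit. The following checker is an added example (not code from Checkmarx or the KICS project); it parses `FROM` lines of a constructed sample Dockerfile and reports every base image that is referenced by a mutable tag or with no tag at all, skipping references to earlier build stages. The image name and the all-zero sha256 digest in the sample are placeholders, not real identifiers.

```python
import re

# FROM [--platform=...] <ref> [AS <alias>]   (Dockerfile syntax)
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify_ref(ref: str) -> str:
    """'digest' (immutable), 'tag' (mutable tag) or 'floating' (implicit :latest)."""
    if DIGEST_RE.search(ref):
        return "digest"
    # Drop the registry/namespace part so a registry port (host:5000) is not read as a tag.
    name = ref.rsplit("/", 1)[-1]
    return "tag" if ":" in name else "floating"


def find_unpinned(dockerfile_text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, ref, kind) for every FROM whose base image is not digest-pinned.

    References to earlier build stages (FROM <alias>) are skipped: they are not
    fetched from a registry, so a moved tag cannot affect them.
    """
    findings, stages = [], set()
    for no, line in enumerate(dockerfile_text.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group("ref"), m.group("alias")
        if alias:
            stages.add(alias.lower())
        if ref.lower() in stages:
            continue
        kind = classify_ref(ref)
        if kind != "digest":
            findings.append((no, ref, kind))
    return findings


# Constructed sample Dockerfile. The sha256 value is a placeholder, not a real image digest.
SAMPLE = (
    "FROM checkmarx/kics:latest AS scanner\n"
    "FROM python:3.12-slim\n"
    "FROM --platform=linux/amd64 alpine@sha256:" + "0" * 64 + " AS pinned\n"
    "FROM ghcr.io/example/base\n"
    "FROM scanner\n"
)

if __name__ == "__main__":
    for no, ref, kind in find_unpinned(SAMPLE):
        print(f"line {no}: {ref} ({kind}) is not pinned by digest")
```

Running it against the sample flags lines 1, 2 and 4; the digest-pinned line and the build-stage reference pass.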
Attribution is not firm: public claims attempted to link the attack to groups responsible for previous incidents, but the open investigations did not confirm a final attribution. That uncertainty underlines another lesson: do not rely on a single layer of trust, and assume that any critical dependency can be attacked. For security teams this means adding compensating controls such as repository leak detection, continuous secret scanning and cloud access auditing.
In short, take the threat seriously: revoke and rotate secrets, review and rebuild environments, pin images and extensions by SHA, and enable signature or integrity verification. Use this crisis to tighten secrets-management policies and development hygiene: short-lived credentials, least privilege, and telemetry that detects anomalies early are investments that shrink the exposure window when a trusted tool is compromised.
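One of the compensating controls above, detecting the kind of automated public-repository creation used for exfiltration in this incident, can be a simple burst rule over account audit events. The following is an added example, not code from the article's sources: it runs over constructed sample events whose field names (`action`, `actor`, `repo`, `visibility`, `@timestamp`) are assumed to mirror a GitHub audit-log export, and flags any actor that creates three or more public repositories within a five-minute sliding window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. The field names (action, actor, repo, visibility,
# @timestamp) mirror GitHub's audit-log export format as an assumption for this demo.
SAMPLE_EVENTS = [
    {"@timestamp": "2025-06-01T10:00:05Z", "action": "repo.create", "actor": "dev-alice",
     "repo": "dev-alice/x7f3a9", "visibility": "public"},
    {"@timestamp": "2025-06-01T10:00:09Z", "action": "repo.create", "actor": "dev-alice",
     "repo": "dev-alice/q2m8kd", "visibility": "public"},
    {"@timestamp": "2025-06-01T10:00:14Z", "action": "repo.create", "actor": "dev-alice",
     "repo": "dev-alice/w9zr41", "visibility": "public"},
    {"@timestamp": "2025-06-01T10:30:00Z", "action": "repo.create", "actor": "dev-bob",
     "repo": "dev-bob/infra-notes", "visibility": "private"},
    {"@timestamp": "2025-06-01T11:00:00Z", "action": "repo.create", "actor": "dev-carol",
     "repo": "dev-carol/demo", "visibility": "public"},
    {"@timestamp": "2025-06-01T11:00:30Z", "action": "repo.create", "actor": "dev-carol",
     "repo": "dev-carol/demo-2", "visibility": "public"},
    {"@timestamp": "2025-06-01T11:01:00Z", "action": "repo.rename", "actor": "dev-carol",
     "repo": "dev-carol/demo-3", "visibility": "public"},
]


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_repo_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Return {actor: [repo, ...]} for actors that created >= threshold public
    repositories within any sliding window of the given length."""
    by_actor = defaultdict(list)
    for e in events:
        if e.get("action") == "repo.create" and e.get("visibility") == "public":
            by_actor[e["actor"]].append((parse_ts(e["@timestamp"]), e["repo"]))
    alerts = {}
    for actor, items in by_actor.items():
        items.sort()  # chronological order so the window scan is linear
        for i in range(len(items)):
            j = i
            while j + 1 < len(items) and items[j + 1][0] - items[i][0] <= window:
                j += 1
            if j - i + 1 >= threshold:
                alerts[actor] = [repo for _, repo in items[i:j + 1]]
                break
    return alerts


if __name__ == "__main__":
    for actor, repos in detect_repo_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {actor}: {len(repos)} public repos created in a burst: {repos}")
```

Private creations and non-create actions are ignored, so only dev-alice trips the default rule; lowering `threshold` to 2 would also surface dev-carol, which is the tuning trade-off a SOC has to make for its own baseline.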