Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...
Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one ...
Between April 21 and 23, 2026, three coordinated supply chain campaigns targeted npm, PyPI, and Docker Hub, aiming to steal developer and CI/CD credentials. The incidents included a trojanized ...
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
Hard on the heels of a broad supply chain attack that impacted the Aqua Security-maintained Trivy open source security-scanner project, Checkmarx on Tuesday disclosed that attackers had compromised a ...
If you’re deploying containers based on insecure images, the chances of your apps and services being secure is dramatically reduced. To that end, you should be doing everything you can to make sure ...
When we talk about secret sprawl, we immediately think about API keys, passwords, credentials or any secret lurking in some source code. For sure, source code is very tightly linked to secret sprawl.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results