checkmarx-kics-dockerhub

Incident Summary

Checkmarx KICS DockerHub image compromised

In a second wave of the Checkmarx supply-chain incident, attackers published malicious tags for the public KICS DockerHub image. Checkmarx reported that the affected image tags were present on DockerHub on April 22, 2026, extending the campaign from source and CI assets into container distribution.

Date: 2026-04-22
Category: Commercial
Target Surface: Other
Insertion Phase: distribution
Impact: Credential theft
Cause: Compromised Account/Credentials

What Was Affected

Package checkmarx-kics-dockerhub

LanguageGo

ComponentApplication

Artifact typeOCI image

Domain typecontainer host

Domain hub.docker.com

Repository github.com/Checkmarx/kics

Compromised Versions

v2.1.20-debian
v2.1.21-debian
debian
v2.1.21
v2.1.20
alpine
latest

Incident Context

Motive: Credential Theft
Attribution: Advanced Persistent Threat
Transitive: Yes
User Impact: 0
Observed Duration: 0 days

checkmarx-kics-dockerhub

Checkmarx KICS DockerHub image compromised

What Was Affected

Compromised Versions

Incident Context

Evidence

Compromised Artifacts

External References

Source Data