Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

SITREP: Cybersecurity researchers have identified malicious Docker images and VS Code extensions affecting the Checkmarx supply chain. The threat actors have overwritten existing tags in the 'checkmarx/kics' Docker Hub repository and introduced a new tag that is not associated with an official release. TACTICAL ASSESSMENT: This incident highlights vulnerabilities in software supply chain security, particularly in widely used repositories. The manipulation of Docker images poses significant risks to organizations relying on these resources for secure development. PROJECTED VECTORS: Further exploitation of compromised images may lead to widespread security breaches in affected systems.