← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions
WHITE CyberHunter_NL 2026-04-23 Modified: 2026-05-23
21
IOCs
MEDIUM VOLUME
Security firm Checkmarx has been the target of a serious supply chain compromise, according to researchers at the Socket Research Team and the Open Source Software (OSS) in the United States and Canada.
githubgithub actionscheckmarxdockerkics imageyamlsocketdocker hubkicsvs codeaprilopenpowershelldunecodemcpaddon.js
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
mcpAddon.js KICS
Indicators of Compromise (1 / 21 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL https://audit.checkmarx.cx/v1/telemetry 2026-04-23
References (1)
↗ https://socket.dev/blog/checkmarx-supply-chain-compromise