Malicious Docker Images Found in Official Checkmarx KICS Repository

Cybersecurity researchers identified malicious Docker images pushed to the official "checkmarx/kics" repository on Docker Hub. Unknown threat actors overwrote existing tags, including v2.1.20 and alpine, and introduced a new v2.1.21 tag that does not correspond to an official release. The discovery was disclosed by supply chain security firm Socket in an alert published today. No specific malware payloads, attack vectors, or impacted users were detailed in the report. The incident affects the integrity of the Checkmarx KICS (Keeping Infrastructure as Code Secure) tool's distribution channel.