Canadian Cyber Security Journal

Checkmarx KICS Docker Images Poisoned by TeamPCP in Latest CI/CD Supply Chain Attack

What Happened

On April 22, 2026, threat actors used valid Checkmarx publisher credentials to push malicious Docker images to the official checkmarx/kics repository on Docker Hub. The attackers overwrote existing tags — including v2.1.20 and alpine — and introduced a rogue v2.1.21 tag with no corresponding official release. The malicious window ran from approximately 14:17 to 15:41 UTC.

KICS (Keeping Infrastructure as Code Secure) is an open-source security scanning tool used to detect misconfigurations in Terraform, CloudFormation, Kubernetes, and other infrastructure-as-code formats. The modified binary added data collection and exfiltration capabilities: it generated an uncensored scan report, encrypted it, and transmitted it to an external attacker-controlled endpoint. Because KICS scans IaC files that often contain API keys, cloud credentials, database passwords, and sensitive configuration data, the modified tool was positioned to harvest exactly the secrets developers trust it to audit. Researchers attributed the attack to TeamPCP — the same threat actor behind the Trivy and Axios supply chain attacks earlier in 2026. Checkmarx has restored the repository to its last known-good state and suspended the compromised account.

Why This Matters for Canadian Organizations

TeamPCP has demonstrated a persistent focus on CI/CD toolchain compromise, specifically targeting developer security tools that organizations place high trust in because they run inside automated pipelines with elevated permissions. KICS is used across Canadian DevOps teams in financial services, government digital services, SaaS companies, and cloud-native development shops — anywhere Terraform or Kubernetes configuration scanning is part of a deployment pipeline.

The specific risk here is not a one-time data loss event: if the malicious KICS image ran inside a CI/CD pipeline between 14:17 and 15:41 UTC on April 22, any IaC scan results from that window — including secrets, API tokens, and access credentials embedded in configuration files — were exfiltrated to an external server. Those credentials remain valid until rotated. Organizations subject to PIPEDA breach notification obligations need to assess whether production credentials were exposed and whether the exfiltrated data constitutes reportable personal information.

This incident is part of a pattern: Trivy was poisoned in March 2026 to steal AWS keys from CI/CD environments, and now KICS has been targeted with a similar approach. Security tooling sitting inside automated pipelines is an increasingly attractive target because it runs with broad filesystem and secret access and is typically exempted from the same scrutiny applied to production workloads.

What to Do

Immediately check your CI/CD pipeline logs for any pulls of checkmarx/kics images between April 22, 14:00 and 16:00 UTC. If any pipeline ran a KICS scan during this window, treat all secrets present in scanned IaC files as compromised and rotate them — AWS access keys, Kubernetes secrets, database credentials, and any API tokens referenced in configuration files.

Going forward, pin all security tool Docker images to a specific digest rather than a mutable tag, verify image signatures before use, and monitor your Docker Hub credential activity for unauthorized publisher access. The Socket research team’s analysis of the compromised images is available at Socket.dev, and The Hacker News has covered the full disclosure.
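The two checks above (did a pipeline pull checkmarx/kics in the window, and is the image reference pinned by digest) are straightforward to automate. The script below is an added example written for this article; it is not code from Checkmarx, Socket or the KICS project. The log-line format, the runner names and the sample log are constructed assumptions, and the sha256 digest in the sample is a zero-filled placeholder, not a real KICS image digest. The repository name, the affected tags and the 14:00 to 16:00 UTC check window come from the disclosure described above.

```python
"""Triage a CI runner log for pulls of checkmarx/kics during the poisoning window.

Constructed example, not Checkmarx's or Socket's code. The log line format and
runner names are assumptions; the repository name, the affected tags and the
14:00-16:00 UTC check window come from the published disclosure.
"""
import re
from datetime import datetime, timezone

AFFECTED_REPO = "checkmarx/kics"
AFFECTED_TAGS = {"v2.1.20", "alpine", "v2.1.21"}  # tags named in the disclosure
WINDOW_START = datetime(2026, 4, 22, 14, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 22, 16, 0, tzinfo=timezone.utc)

# Assumed log format: "<RFC3339 timestamp> <runner> pull <image reference>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<runner>\S+)\s+pull\s+(?P<ref>\S+)\s*$")
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref):
    """Split '[registry/]repo[:tag][@digest]' into (repo, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    # A ':' after the last '/' separates the tag; one before it is a registry port.
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    return ref, tag, digest


def normalize_repo(repo):
    """Docker Hub images may be logged with or without an explicit registry prefix."""
    for prefix in ("index.docker.io/", "registry-1.docker.io/", "docker.io/"):
        if repo.startswith(prefix):
            return repo[len(prefix):]
    return repo


def is_digest_pinned(ref):
    """True when the reference names an immutable sha256 digest, not just a tag."""
    _, _, digest = parse_image_ref(ref)
    return digest is not None and DIGEST_RE.match(digest) is not None


def find_suspect_pulls(lines, start=WINDOW_START, end=WINDOW_END):
    """Return every pull of the affected repository inside [start, end]."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a pull event in the assumed format
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)
        if not (start <= ts <= end):
            continue
        repo, tag, digest = parse_image_ref(m["ref"])
        if normalize_repo(repo) != AFFECTED_REPO:
            continue
        findings.append({
            "timestamp": ts.isoformat(),
            "runner": m["runner"],
            "ref": m["ref"],
            "tag": tag,
            "digest": digest,
            "tag_named_in_disclosure": tag in AFFECTED_TAGS,
            # A digest-pinned pull did not follow the overwritten tag. Its digest still
            # has to be compared against a known-good release, but it is a separate case.
            "mutable_tag": digest is None,
        })
    return findings


def secrets_need_rotation(findings):
    """Any mutable-tag pull inside the window means scanned IaC secrets are compromised."""
    return any(f["mutable_tag"] for f in findings)


# Constructed sample log; the digest is a zero-filled placeholder, not a real image digest.
SAMPLE_LOG = [
    "2026-04-22T13:58:02Z runner-03 pull checkmarx/kics:v2.1.20",
    "2026-04-22T14:31:45Z runner-07 pull checkmarx/kics:alpine",
    "2026-04-22T15:02:10Z runner-02 pull alpine:3.19",
    "2026-04-22T15:12:09Z runner-01 pull docker.io/checkmarx/kics:v2.1.21",
    "2026-04-22T15:20:00Z runner-05 pull checkmarx/kics@sha256:" + "0" * 64,
    "2026-04-22T16:03:11Z runner-04 pull checkmarx/kics:v2.1.20",
]

if __name__ == "__main__":
    hits = find_suspect_pulls(SAMPLE_LOG)
    for f in hits:
        kind = "MUTABLE TAG" if f["mutable_tag"] else "digest-pinned"
        print(f"{f['timestamp']} {f['runner']} {f['ref']} [{kind}]")
    print("rotate secrets:", secrets_need_rotation(hits))
```

Run against a real runner log, the script flags the two mutable-tag pulls in the sample (alpine at 14:31 and the rogue v2.1.21 at 15:12) as grounds for rotating every secret in the scanned IaC files, and separates the digest-pinned pull so its digest can be compared against a known-good release instead. The same `is_digest_pinned` check can be applied to pipeline definitions before they run, to enforce the digest-pinning recommendation above.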
