Docker, Inc A.I CyberSecurity Scoring
Docker, Inc
Company Information
Website: http://www.docker.com
Number of employees: 949
Number of followers: 759,100
NAICS: 5112
Industry Type: Software Development
Homepage: docker.com
Docker, Inc Risk Score (AI oriented)
Between 700 and 749
Updated: 23/04/2026
738/1000
Moderate
Ba
5 incidents
-8.25 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
741
MAY 2026
739
APRIL 2026
757
Cyber Attack
22 Apr 2026 • Docker, Inc
Checkmarx, Docker and GitHub: New Checkmarx supply-chain breach affects KICS analysis tool
Malicious Hackers Compromise Checkmarx KICS Tool to Steal Developer Secrets
738
CRITICAL-19
CHEDOCGIT1776961598
Hackers infiltrated the Checkmarx KICS (Keeping Infrastructure as Code Secure) tool, a popular open-source scanner for identifying vulnerabilities in code, dependencies, and configurations. The attack targeted Docker images, VS Code extensions, and Open VSX extensions, deploying malware designed to harvest sensitive data from developer environments.
Security firm Socket uncovered the breach after Docker flagged malicious images in the official checkmarx/kics Docker Hub repository. The compromise extended to VS Code and Open VSX extensions, which secretly downloaded a hidden "MCP addon" from a hardcoded GitHub URL. This addon executed a multi-stage malware (mcpAddon.js) that stole credentials, including:
- GitHub tokens
- Cloud credentials (AWS, Azure, Google Cloud)
- npm tokens
- SSH keys
- Claude configs
- Environment variables
The stolen data was encrypted and exfiltrated to audit.checkmarx[.]cx, a domain mimicking legitimate Checkmarx infrastructure. Attackers also automatically created public GitHub repositories for data exfiltration.
The malicious Docker images were available for 83 minutes on April 22, 2026 (14:17:59–15:41:31 UTC) before being restored to legitimate versions. The fake v2.1.21 tag was removed entirely. While the TeamPCP hacking group, linked to previous supply-chain attacks (Trivy, LiteLLM), claimed responsibility, researchers found only pattern-based correlations and could not confirm attribution.
Checkmarx confirmed the incident in a security bulletin, stating that all malicious artifacts were removed, exposed credentials were revoked, and an investigation with external experts is ongoing. The company advised users to block access to suspicious IPs (91.195.240.123, 94.154.172.43), revert to pinned SHAs, and rotate compromised secrets.
Safe versions of affected tools include:
- DockerHub KICS v2.1.20
- Checkmarx ast-github-action v2.3.36
- Checkmarx VS Code extensions v2.64.0
- Checkmarx Developer Assist extension v1.18.0
MARCH 2026
757
FEBRUARY 2026
761
Vulnerability
10 Feb 2026 • Docker, Inc
Docker and Darktrace: Threat Actors Exploiting React2Shell Vulnerability Using AI-Generated Malware
AI-Generated Malware Exploits 'React2Shell' in Low-Skill Cyberattack Campaign
756
LOW-5
DARDOC1770731539
Darktrace’s CloudyPots honeypot network recently uncovered an active malware campaign leveraging AI-generated tools to exploit the React2Shell vulnerability, marking a concerning evolution in cybercrime tactics. The attack, detected in a misconfigured Docker environment, demonstrates how large language models (LLMs) are lowering the barrier for threat actors to deploy sophisticated exploits with minimal technical expertise.
The intrusion began when attackers targeted an exposed Docker daemon (a common cloud misconfiguration) via its API. The threat actor deployed a container named "python-metrics-collector" to blend in with legitimate services, then installed tools like curl, wget, and python3 to fetch payloads. The attack unfolded in two stages:
1. Dependency Retrieval: A Pastebin URL delivered a list of required Python packages.
2. Payload Execution: A Python script, hosted on a GitHub Gist under the banned user "hackedyoulol", was executed after redirecting from smplu[.]link.
Analysis revealed the script was likely AI-generated, featuring verbose comments and an "educational" disclaimer, a tactic to bypass LLM safety filters. Tools like GPTZero confirmed 76% of the code was machine-written, with a clean, structured design that exploited React2Shell by forcing exceptions to expose command output.
Despite its advanced delivery, the campaign’s goal was simple: cryptocurrency mining. The script deployed XMRig (v6.21.0) to mine Monero (XMR) via the supportxmr pool. While the financial gain was minimal (0.015 XMR, ~£5, from 91 infected hosts), the operational impact was significant: a low-skilled attacker compromised nearly 100 systems using AI-generated tools.
Unlike typical Docker threats, the malware lacked self-propagation capabilities, relying instead on a centralized "spreader server" linked to a residential IP (49[.]36.33.11) in India. This suggests manual or scripted management of the campaign.
The incident underscores a critical shift in cyber threats, where AI-driven "vibecoding" enables rapid, custom malware development. For defenders, this highlights the need for behavioral detection and proactive patching, as static signatures may struggle against the endless variations LLMs can produce.
Indicators of Compromise (IoCs):
- Spreader IP: 49[.]36.33.11
- Malware host: smplu[.]link
- Hashes:
  - 594ba70692730a7086ca0ce21ef37ebfc0fd1b0920e72ae23eff00935c48f15b
  - d57dda6d9f9ab459ef5cc5105551f5c2061979f082e0c662f68e8c4c343d667d
FEBRUARY 2026
765
Vulnerability
04 Feb 2026 • Docker, Inc
Docker: The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
DockerDash: Docker Desktop and CLI Vulnerability Exposes Systems to Arbitrary Code Execution and Data Theft
760
CRITICAL-5
DOC1770222802
A critical security flaw, dubbed DockerDash, was discovered in Docker Desktop and the Docker Command-Line Interface (CLI), specifically within the Ask Gordon AI assistant integrated into these tools. Identified by cybersecurity firm Noma Labs, the vulnerability posed severe risks, including arbitrary code execution and unauthorized access to sensitive data, before being patched.
### Scope and Impact of the Vulnerability
Docker is widely used across industries for containerized application deployment, making this flaw particularly concerning. The DockerDash vulnerability allowed attackers to:
- Execute arbitrary code within applications running on Docker Desktop or CLI, enabling malicious scripts or unauthorized activities.
- Move laterally within networked environments, expanding the potential attack surface.
- Exfiltrate sensitive data, including confidential business information, user credentials, and intercepted data traffic processed by Ask Gordon.
### Discovery and Response
Noma Labs uncovered the flaw and alerted Docker, which swiftly deployed a patch to mitigate the risk. The security firm praised Docker’s rapid response, highlighting the importance of proactive vulnerability management in developer tools.
### Broader Security Implications
The incident underscores the need for continuous monitoring and timely updates in software dependencies, particularly in widely adopted platforms like Docker. As reliance on containerization grows, vulnerabilities like DockerDash serve as a reminder of the evolving threats in cloud and application security.
JANUARY 2026
769
Vulnerability
01 Jan 2026 • Docker, Inc
Docker: Docker Authorization Bypass Flaw Exposed Hosts to Potential Attackers
Docker Engine Vulnerability (CVE-2026-34040) Exposes Hosts to Authorization Bypass Risks
765
CRITICAL-4
DOC1775644091
A high-severity security flaw in Docker Engine, tracked as CVE-2026-34040, has been identified, enabling attackers to bypass authorization plugins (AuthZ) by manipulating API request bodies. The vulnerability carries a "High" severity rating, though its exploitation likelihood remains low.
The issue stems from how the Docker daemon processes oversized request bodies. Attackers with low-level access can craft malicious API requests, prompting the daemon to strip the request body before forwarding it to the AuthZ plugin. Without the necessary data, the plugin may approve actions it would typically block, effectively allowing unauthorized commands to execute.
This flaw is a regression of a previous Docker authorization vulnerability (CVE-2024-41110) and affects environments relying on AuthZ plugins for access control. Systems not using these plugins are unaffected. The vulnerability impacts all Docker Engine versions prior to 29.3.1 and could be exploited via a compromised container or low-privilege account to escalate privileges, modify host configurations, or access sensitive data.
Docker has released version 29.3.1 to patch the issue. For organizations unable to upgrade immediately, workarounds include discontinuing AuthZ plugins that depend on request body inspection or restricting Docker API access to trusted users under the principle of least privilege.
The flaw was responsibly disclosed by security researchers, with remediation led by the Docker development community.
DECEMBER 2025
769
NOVEMBER 2025
769
OCTOBER 2025
769
SEPTEMBER 2025
769
AUGUST 2025
769
JULY 2025
769
JUNE 2025
770
Vulnerability
16 Jun 2025 • Docker, Inc
Docker
Critical Path Traversal and DLL Hijacking Vulnerabilities in Docker Compose and Docker Desktop
768
CRITICAL-2
DOC2992329103025
Docker was affected by CVE-2025-62725, a critical path traversal vulnerability in Docker Compose (fixed in v2.40.2) that allowed attackers to escape the tool’s cache directory and write arbitrary files on the host system by exploiting malicious OCI-based Compose artifacts. The flaw stemmed from improper handling of layer annotations, enabling attackers to traverse outside the intended directory and overwrite files where the Compose process had write permissions. This posed a severe risk to workflows relying on Compose (including CI/CD pipelines, cloud workspaces, and enterprise build systems), potentially leading to unauthorized code execution, system compromise, or supply-chain attacks if exploited.
Separately, Docker also patched EUVD-2025-36191, a DLL hijacking vulnerability in its Windows Installer (Desktop Installer.exe), which allowed attackers to escalate privileges by planting malicious DLLs in the user’s Downloads folder.
Both flaws underscored the risks of unvalidated input handling and insecure default configurations, reinforcing the need for strict path sanitization and timely updates. While no active exploits were reported, the vulnerabilities exposed millions of Docker users to potential system takeover, data manipulation, or lateral movement within networks if left unpatched.