Feed
CriticalPublished 22 Apr 20263 packages · 11 versions

Checkmarx KICS Docker images + Open VSX extensions compromised (TeamPCP)

Summary

Docker and Socket jointly disclosed a multi-stage compromise of Checkmarx KICS Docker images and Checkmarx VS Code / Open VSX extensions. Trojanised extensions silently install an MCP addon executed via Bun, while the Docker images include a modified KICS binary that encrypts scan output and exfiltrates it. TeamPCP claimed responsibility.

ci-cd-compromisecredential-theftmaintainer-takeover
Threat actor
TeamPCP
Detected by
Socket · Docker
Ecosystems
DockerOpen VSX
Packages tracked
3

What happened

Docker and Socket jointly disclosed a coordinated April 22, 2026 compromise of the Checkmarx security-tooling supply chain. Two surfaces were hit: the checkmarx/kics Docker images on Docker Hub and the cx-dev-assist + ast-results extensions on Open VSX (the open Visual Studio Code marketplace).

The Open VSX extensions silently install a Model Context Protocol (MCP) addon executed via the Bun runtime. The addon reads developer credentials and editor state, harvesting GitHub / AWS / Azure / npm tokens and SSH keys from extension users and feeding them to the same audit.checkmarx.cx exfil endpoint used in the parallel @bitwarden/cli push (see npm-2026-04-22-bitwarden-cli-teampcp).

The Docker images carry a modified KICS scanner binary. KICS is a configuration-as-code scanner widely used in CI; the trojanised version encrypts and exfiltrates scan output, so any pipeline that mounted infrastructure code into the KICS scan leaked findings and secret material to the attacker.

TeamPCP publicly claimed responsibility for this push. The cross-surface design — editor extension + Docker image + downstream @bitwarden/cli hijack via Checkmarx GitHub Actions — makes this one of the most impactful coordinated supply-chain operations of 2026 so far. Revert any affected extension or image to the last known-clean release, rotate developer and CI credentials in affected scopes, and block audit.checkmarx.cx at egress.

Affected packages (3)

  • Open VSXcheckmarx.ast-results
    2.63.02.66.0
  • Open VSXcheckmarx.cx-dev-assist
    1.17.01.19.0
  • Dockercheckmarx/kics
    2.1.202.1.20-debian2.1.212.1.21-debianalpinedebianlatest

Impact

  • GitHub/AWS/Azure/npm tokens and SSH keys harvested from extension users
  • KICS scans in CI pipelines exfiltrated secrets and code findings
  • Editor-level RCE on developer workstations

What to do

  1. 1Remove listed Checkmarx extension versions and Docker images
  2. 2Revert to last known-clean releases of cx-dev-assist and ast-results
  3. 3Rotate developer and CI credentials in affected scopes
  4. 4Block audit.checkmarx.cx at egress

References

multi-2026-04-22-checkmarx-kics-vsx-docker