Malicious Docker images target KICS security tool

Compromised Docker containers and VS Code extensions impersonating the KICS security scanner have been deployed in a supply chain attack targeting developer environments.

Sources: 1 verified
Updated: Thursday, 23 April 2026 at 07:42 UTC
Malicious Docker containers and Visual Studio Code extensions impersonating Checkmarx's KICS infrastructure-as-code security scanner have been deployed in a supply chain attack. The compromised packages were designed to infiltrate developer environments through poisoned distribution channels, targeting organizations that rely on the popular open-source scanning tool. This incident highlights persistent vulnerabilities in developer toolchain distribution, particularly affecting cloud-native security workflows where containerized tooling and IDE extensions operate with elevated privileges across CI/CD pipelines.