Featured
Shyam Rungta
Shyam Rungta of Regain Energies Solutions Pvt. Ltd. On Building India’s Solar PV Recycling Ecosystem
XLRI
XLRI’s XCITE Opens Applications for Its First Rural Business Incubation Cohort
Hamstech Launches MBA Programmes to Shape the Next Generation of Fashion and Interior Design Leaders-PNn
Hamstech Launches MBA Programmes to Shape the Next Generation of Fashion and Interior Design Leaders
July 16, 2026
The Blunt Times The Blunt Times
  • National
  • City Events
  • Business Vibes
  • Education
  • Entertainment
  • Regional
    • Bharuch
    • Dang
    • Navsari
    • Surat
    • Valsad
    • Hindi
    • Gujarati
  • Health
  • Crime corner
  • Sports
  • Spotlight
Search the Site
Popular Searches:
Chatgpt Nasa Halloween
Recent Posts
Surat Passport Special Drive, the blunt times
Surat Passport Office to Hold Special Drive on July 18
July 16, 2026
The Enough Agency
Top AI Brand Visibility Growth Company, The Enough Agency, Expands Citation Services for Global Markets, Eyes 120% YoY Growth in FY 2026–27
July 16, 2026
Vadodara railway station accident, the blunt times
Passenger Dragged 150 Metres After Vadodara Railway Station Slip
July 16, 2026
The Blunt Times The Blunt Times
  • National
  • City Events
  • Business Vibes
  • Education
  • Entertainment
  • Regional
    • Bharuch
    • Dang
    • Navsari
    • Surat
    • Valsad
    • Hindi
    • Gujarati
  • Health
  • Crime corner
  • Sports
  • Spotlight
Follow us
Home/Technology/Checkmarx hit again, popular tools spreading credential-stealing malware
Technology

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx has reportedly suffered a second security incident within a month, with attackers injecting credential-stealing malware into widely used developer tools. The compromise has affected popular...

Santhosh Kumar
April 25, 2026 2 Min Read

Checkmarx has reportedly suffered a second security incident within a month, with attackers injecting credential-stealing malware into widely used developer tools. The compromise has affected popular distribution channels including Docker Hub and VS Code extensions, raising serious concerns about software supply chain security and developer trust in open-source ecosystems.

Malware found in widely used developer tools

Security researchers revealed that malicious code was inserted into Checkmarx’s KICS (Keeping Infrastructure as Code Secure) Docker images and VS Code extensions. The infected versions were uploaded using existing trusted tags such as v2.1.20 and latest, meaning developers unknowingly downloaded compromised builds instead of safe ones. Since KICS is downloaded millions of times for infrastructure security scanning, the impact could potentially be widespread across development environments.

Credential theft and data exfiltration risks

The injected malware is designed to steal sensitive developer and cloud credentials, including GitHub tokens, AWS and Azure credentials, Google Cloud access data, SSH keys, and environment variables. It then encrypts and exfiltrates the stolen information to attacker-controlled systems. In some cases, it even pushes stolen data into public repositories under victim accounts, increasing the risk of further exploitation and secondary attacks.

Supply chain impact and developer exposure

Checkmarx tools are widely used in CI/CD pipelines to scan infrastructure-as-code files like Terraform, Kubernetes, and CloudFormation. Security experts warn that any secrets exposed during scans should now be considered compromised. Developers are being urged to rotate credentials, audit GitHub repositories, review npm packages, and check cloud logs for unusual activity as part of incident response measures.

Ongoing supply chain attack campaign

Security analysts suggest the attack may be linked to a threat group known as TeamPCP, which has been targeting software supply chains across ecosystems like GitHub, npm, PyPI, Docker Hub, and OpenVSX since late 2025. This campaign has previously affected other major developer tools, highlighting a growing trend of attackers focusing on trusted open-source infrastructure to spread malware at scale.

Tags:

CheckmarxCredential TheftDocker HubMalwareSupply Chain Attack

Share Article

AAP ticket for cash Surat, the blunt times
Previous Post

Ticket-for-Cash Row Rocks AAP in Surat Before Civic Polls

Shrimad Rajchandra hospital Physiological cord clamping research India, the blunt times
Next Post

Shrimad Rajchandra hospital’s Cord Clamping Research Gets Global Recognition

Picked
MILT Congress 2026-Pnn
Ahead of MILT Congress 2026, Global Industry Leaders Reveal the Trends Reshaping MICE and Luxury Travel
Shyam Rungta
Shyam Rungta of Regain Energies Solutions Pvt. Ltd. On Building India’s Solar PV Recycling Ecosystem
XLRI
XLRI’s XCITE Opens Applications for Its First Rural Business Incubation Cohort
Hamstech Launches MBA Programmes to Shape the Next Generation of Fashion and Interior Design Leaders-PNn
Hamstech Launches MBA Programmes to Shape the Next Generation of Fashion and Interior Design Leaders
Nasirnagar demolition case Surat M Nagarajan, the blunt times
Surat Nasirnagar Demolition: SMC Chief Nagarajan Under Fire After Affidavit
The Next-Generation Industrial Leader: How Zahra Deesawala Is Balancing Boardroom Strategy with International Sporting Excellence-PNn
The Next-Generation Industrial Leader: How Zahra Deesawala Is Balancing Boardroom Strategy with International Sporting Excellence
Popular Posts
Nasirnagar demolition case Surat M Nagarajan, the blunt times
Surat Nasirnagar Demolition: SMC Chief Nagarajan Under Fire After Affidavit
By Times News Network
The Next-Generation Industrial Leader: How Zahra Deesawala Is Balancing Boardroom Strategy with International Sporting Excellence-PNn
The Next-Generation Industrial Leader: How Zahra Deesawala Is Balancing Boardroom Strategy with International Sporting Excellence
By TBT Online Desk
SGCCI Saudi Arabia trade opportunities, the blunt times
SGCCI Explores Saudi Market Opportunities for Surat Industries
By Times News Network
GSFC University 100% placements, the blunt times
GSFC University Achieves 100% Placements in Three Programmes
By Times News Network
Shifu’s Apprentice Chinese food festival, the blunt times
ITC Narmada Hosts Master Chef Liang’s Chinese Food Festival
By Times News Network
CMM Languages - TBT
CMM Languages Supports Healthcare and Life Sciences with Specialized Medical Translation Services
By TBT Online Desk

Read Next

OPPO -PNn
Technology
OPPO India Elevates Creative Photography with Reno16 Series featuring AI Portrait Camera and AI Remix Collage
July 10, 2026
10 Min Read
Technology
BAT-BMS Viral Videos Raise EV Security Concerns in India; TraceX Labs Releases Comprehensive BMS Security Advisory and Immediate Mitigation Guidance
July 2, 2026
4 Min Read
Technology
WhatsApp Introduces Usernames: A New Privacy Feature That Lets You Connect Without Sharing Your Phone Number
June 30, 2026
3 Min Read
Technology
OpenAI Restricts Preview of New AI Models to US Partners Following Government Request
June 27, 2026
2 Min Read
The Blunt Times

The Blunt Times is a 24-hour news portal from Surat and south Gujarat. It was launched by senior journalist Melvyn Thomas, who has over 21 years of experience working with the top news organizations such as The Indian Express, The Times of India, and The Economic Times.

Popular
Ahead of MILT Congress 2026, Global Industry Leaders Reveal the Trends Reshaping MICE and Luxury Travel
July 16, 2026
Shyam Rungta of Regain Energies Solutions Pvt. Ltd. On Building India’s Solar PV Recycling Ecosystem
July 16, 2026
XLRI’s XCITE Opens Applications for Its First Rural Business Incubation Cohort
July 16, 2026
Hamstech Launches MBA Programmes to Shape the Next Generation of Fashion and Interior Design Leaders
July 16, 2026
Categories
City Events
National
Business Vibes
Lifestyle
Spotlight
Education
Regional
Business
Entertainment
Health
Press Release
Sports

© 2026 All Rights Reserved, The Blunt Times

  • Terms of Service
  • Privacy Policy