Checkmarx KICS Docker images + Open VSX extensions compromised (TeamPCP)
Docker and Socket jointly disclosed a multi-stage compromise of Checkmarx KICS Docker images and Checkmarx VS Code / Open VSX extensions. Trojanised extensions silently install an MCP addon executed via Bun, while the Docker images include a modified KICS binary that encrypts scan output and exfiltrates it. TeamPCP claimed responsibility.
- Threat actor
- TeamPCP
- Detected by
- Socket · Docker
- Ecosystems
- DockerOpen VSX
- Packages tracked
- 3
What happened
Docker and Socket jointly disclosed a coordinated April 22, 2026 compromise of the Checkmarx security-tooling supply chain. Two surfaces were hit: the checkmarx/kics Docker images on Docker Hub and the cx-dev-assist + ast-results extensions on Open VSX (the open Visual Studio Code marketplace).
The Open VSX extensions silently install a Model Context Protocol (MCP) addon executed via the Bun runtime. The addon reads developer credentials and editor state, harvesting GitHub / AWS / Azure / npm tokens and SSH keys from extension users and feeding them to the same audit.checkmarx.cx exfil endpoint used in the parallel @bitwarden/cli push (see npm-2026-04-22-bitwarden-cli-teampcp).
The Docker images carry a modified KICS scanner binary. KICS is a configuration-as-code scanner widely used in CI; the trojanised version encrypts and exfiltrates scan output, so any pipeline that mounted infrastructure code into the KICS scan leaked findings and secret material to the attacker.
TeamPCP publicly claimed responsibility for this push. The cross-surface design — editor extension + Docker image + downstream @bitwarden/cli hijack via Checkmarx GitHub Actions — makes this one of the most impactful coordinated supply-chain operations of 2026 so far. Revert any affected extension or image to the last known-clean release, rotate developer and CI credentials in affected scopes, and block audit.checkmarx.cx at egress.
Affected packages (3)
- Open VSX
checkmarx.ast-results2.63.02.66.0 - Open VSX
checkmarx.cx-dev-assist1.17.01.19.0 - Docker
checkmarx/kics2.1.202.1.20-debian2.1.212.1.21-debianalpinedebianlatest
Impact
- GitHub/AWS/Azure/npm tokens and SSH keys harvested from extension users
- KICS scans in CI pipelines exfiltrated secrets and code findings
- Editor-level RCE on developer workstations
What to do
- 1Remove listed Checkmarx extension versions and Docker images
- 2Revert to last known-clean releases of
cx-dev-assistandast-results - 3Rotate developer and CI credentials in affected scopes
- 4Block
audit.checkmarx.cxat egress