Attackers Target Checkmarx KICS Ecosystem
Yet another supply chain attack has hit the open source ecosystem, this time impacting the Checkmarx KICS Docker Hub repository.
Author Bio
Lindsey O'Donnell-Welch
Lindsey O’Donnell-Welch is an award-winning journalist who strives to shed light on how security issues impact not only businesses and defenders on the front line, but also the daily lives of consumers.
Featured Articles
Fix the Dang Software: Claude Mythos and Vulnerability Research
Claude Mythos Preview is making huge waves in the world of vulnerability discovery and exploit development. And it’s not even publicly available! We asked hacker and Luta Security CEO Katie Moussouris and AI and machine learning security pioneer Gary McGraw what AI-enabled bug hunting means for researchers, defenders, and enterprise security teams.
Anthropic’s Claude Mythos is Just the Beginning
Anthropic's Project Glasswing initiative, announced this week, sent shockwaves across the cybersecurity world.
US Gov: Iran-Linked Actors Targeting Critical Infrastructure PLCs
The advisory comes amid the ongoing conflict between the U.S. and Iran. CISA said Iran-linked APT campaigns targeting U.S. orgs have recently escalated.
The $285M Drift Protocol Heist Was ‘6 Months in the Making’
During the largest DeFi hack of 2026, it only took attackers 12 minutes to drain millions in user assets - but the build up to the attack took six months of meticulously planned social engineering.
TeamPCP’s Supply Chain Attack Spree Continues
TeamPCP’s latest victim is the Telnyx Python SDK on PyPl, coming after a wave of supply chain hits on Aqua Trivy, Checkmarx KICS/OpenVSX, and LiteLLM.