
Checkmarx KICS Docker Hub Breach: Stolen Credentials Lead to Malicious Image Push; Users Urged to Rotate Credentials

Last updated: 2026-05-06 09:51:23 · Cybersecurity

Urgent: Malicious KICS Images on Docker Hub

On April 22, 2026, at approximately 12:35 UTC, a threat actor used stolen publisher credentials to push malicious images to the checkmarx/kics repository on Docker Hub. The attacker overwrote five existing tags and created two new ones, all containing a backdoor that exfiltrated scan output to attacker-controlled infrastructure at audit.checkmarx[.]cx.

Source: www.docker.com

"This is the second supply chain compromise on Docker Hub in weeks, following the Trivy incident," said a Docker security spokesperson. "Neither incident involved a breach of Docker’s infrastructure; both relied on compromised publisher accounts."

What Happened

The attacker authenticated using valid Checkmarx credentials and pushed images built from an attacker-controlled source repository. The poisoned binary kept the legitimate scanning surface intact while adding a silent exfiltration path. Scan output was encrypted and sent out under the User-Agent KICS-Telemetry/2.0.

Because KICS scans Terraform, CloudFormation, Kubernetes, and similar configuration files, its output routinely contains secrets, credentials, cloud resource names, and internal topology. The exposure window is short but critical.

Affected Tags and Digests

Index manifest digests to treat as malicious:

  • For alpine, v2.1.20, v2.1.21: sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d
  • For debian, v2.1.20-debian, v2.1.21-debian: sha256:222e6bfed0f3bb1937bf5e719a2342871ccd683ff1c0cb967c8e31ea58beaf7b
  • For latest: sha256:a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0

If your CI ran KICS against any repository with credentials in scope during the exposure window, rotate those credentials immediately. Re-pull checkmarx/kics by digest, not tag, and pin your CI to the digest to prevent future overwrites. Purge malicious digests from local caches, CI runners, and pull-through registries.
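The two checks above (find poisoned pulls by digest, then pin CI to a digest) as an added example; this is not Docker's or Checkmarx's code. The `docker image inspect` output and the CI snippet are constructed samples, and the digests marked as placeholders are not real.

```python
import json
import re

# Index manifest digests the advisory lists as malicious (values from the page).
MALICIOUS_DIGESTS = {
    "sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d",  # alpine, v2.1.20, v2.1.21
    "sha256:222e6bfed0f3bb1937bf5e719a2342871ccd683ff1c0cb967c8e31ea58beaf7b",  # debian, v2.1.20-debian, v2.1.21-debian
    "sha256:a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0",  # latest
}

def find_compromised(inspect_json: str) -> list[tuple[str, str]]:
    """Scan `docker image inspect` JSON and return (repo:tag, digest) pairs whose RepoDigests
    entry is a malicious index digest. Assumes the image was pulled by tag from Docker Hub,
    so RepoDigests records the index (manifest list) digest the advisory refers to."""
    hits = []
    for img in json.loads(inspect_json):
        for ref in img.get("RepoDigests", []):
            repo, digest = ref.split("@", 1)
            if digest in MALICIOUS_DIGESTS:
                for tag in img.get("RepoTags") or [repo]:
                    hits.append((tag, digest))
    return hits

# A KICS reference is pinned only if it carries an immutable @sha256 digest; a tag can be overwritten.
KICS_REF = re.compile(r"checkmarx/kics(?::[\w.-]+)?(?:@sha256:[0-9a-f]{64})?")

def unpinned_kics_refs(ci_text: str) -> list[str]:
    """Return every checkmarx/kics reference in a CI config that uses a mutable tag (or no tag)."""
    return [m.group(0) for m in KICS_REF.finditer(ci_text) if "@sha256:" not in m.group(0)]

# Constructed sample `docker image inspect` output: one poisoned pull and one clean one.
SAMPLE_INSPECT = json.dumps([
    {"RepoTags": ["checkmarx/kics:latest"],
     "RepoDigests": ["checkmarx/kics@sha256:a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0"]},
    {"RepoTags": ["checkmarx/kics:v2.1.19"],
     "RepoDigests": ["checkmarx/kics@sha256:" + "1" * 64]},  # constructed placeholder digest, not a real image
])

# Constructed CI snippet: one mutable-tag reference, one digest-pinned reference.
SAMPLE_CI = """
jobs:
  scan:
    container: checkmarx/kics:latest
  scan-pinned:
    container: checkmarx/kics@sha256:%s
""" % ("0" * 64)  # constructed placeholder; pin to a digest you have verified, not this one
```

`find_compromised(SAMPLE_INSPECT)` names the local image to purge, and `unpinned_kics_refs(SAMPLE_CI)` lists the references in CI that still resolve through an overwritable tag.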


Background

This attack follows the same pattern as the Trivy compromise on Docker Hub earlier in April 2026. In both cases, stolen publisher credentials were used to push malicious images through legitimate publishing flows. Docker’s infrastructure was not breached.

“The repeat pattern shows that attackers are actively targeting publisher accounts on container registries,” noted Maria Chen, a supply chain security analyst at CyberSecWatch. “Organizations must enforce multi-factor authentication, monitor for unexpected image pushes, and verify image integrity via digests.”

What This Means

The incident underscores the fragility of trust in container images. Even legitimate repositories can be weaponized if publisher credentials are stolen. Defenders need to invest in credential hygiene, anomaly detection for image pushes, and immutable reference by digest rather than tag.

“These attacks are a wake-up call,” said Chen. “Every team pulling open-source container images should assume that tags can be overwritten and treat every pull as a potential risk.”

Docker has stated it is working with Checkmarx to investigate the breach and has revoked the compromised credentials. Users are advised to monitor Docker Hub security advisories for updated guidance.