Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and...

Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the offical Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...

PT-2026-23503

Name of the Vulnerable Software and Affected Versions Trivy Vulnerability Scanner VS Code Extension version 1.8.12 Description The Trivy Vulnerability Scanner VS Code extension was compromised with malicious code in version 1.8.12, distributed through the OpenVSX marketplace. This malicious code...

CVE-2025-65715

CVE-2025-65715 affects Visual Studio Code Extensions Code Runner v0.12.2, where the code-runner.executorMap setting is vulnerable to arbitrary code execution when a crafted workspace is opened. The description specifies a code execution risk but does not provide details on affected platforms, exa...

MAL-2025-191164 Malicious code in JScearcy.rust-doc-viewer (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1dbdd73bf66fbfde48d73e86ebfbb11ca8bb6f44ff57a5030596fc189f962ddf This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...