Checkmarx breach exposes dev supply chain

Checkmarx said April 29 that LAPSUS$ leaked data stolen from the company’s private GitHub repository after a March 23 breach. (bleepingcomputer.com) (securityweek.com) The company said the leaked material came from its GitHub environment and that its investigation has not found customer data in the files so far. (bleepingcomputer.com) (securityweek.com) This followed a second Checkmarx incident disclosed on April 22, when attackers pushed malicious artifacts through the company’s KICS developer tooling. KICS stands for Keeping Infrastructure as Code Secure, a scanner developers use to catch risky cloud and configuration mistakes before deployment. (checkmarx.com) (bleepingcomputer.com) Checkmarx said the affected artifacts included Docker Hub tags for `checkmarx/kics`, version `2.3.35` of `ast-github-action`, and tampered Visual Studio Code and Open VSX extensions. The company listed precise exposure windows on April 22 and said safe versions published before those windows were not affected. (checkmarx.com) Docker images are prepacked software bundles, like sealed shipping containers for code. If one is poisoned, the malicious code can run inside developer laptops, build servers, and continuous integration pipelines that trust the image by default. (docker.com) (checkmarx.com) The same logic applies to editor extensions and GitHub Actions, which developers install to automate scans and speed up routine work. Socket said the compromised Checkmarx extensions fetched a second-stage file named `mcpAddon.js` from a hard-coded GitHub URL and executed it without integrity checks. (socket.dev) (thehackernews.com) Checkmarx said it removed the malicious artifacts, rotated exposed credentials, blocked attacker-controlled infrastructure, and brought in an outside forensic firm. Docker said it quarantined the malicious KICS image after internal monitoring spotted the push. (checkmarx.com) (docker.com) A day before the GitHub leak confirmation, Red Hat principal software engineer Sally O’Malley released Tank OS, an open-source system for running OpenClaw agents inside rootless Podman containers. Podman is a container tool that keeps apps separated from the host machine without giving them administrator-level access. (techcrunch.com) Tank OS is aimed at companies that want AI agents to use API keys, keep state, and run at startup without handing those agents broad access to the underlying computer. O’Malley told TechCrunch she built the first version over a weekend. (techcrunch.com) The two stories meet in the same place: the tools that sit closest to developers and operators now carry the same blast radius as production software. In Checkmarx’s case, the trusted path was a scanner, an action, and an editor plugin; in Tank OS, the response is to wall off the agent before that trust can spread. (checkmarx.com) (techcrunch.com)