
What New Checkmarx supply-chain breach affects KICS analysis tool Means for Manila Businesses

2 min read · WNS5.tech

A developer in BGC opens their code editor. By the end of the day, their credentials are already gone.

That's the reality of the Checkmarx KICS breach — and if your Manila team uses any open-source security scanning tools, this is worth two minutes of your time.

What Got Compromised and Why It Spreads Fast

Attackers quietly replaced legitimate Docker images and VSCode extensions for KICS — a popular infrastructure-as-code scanner — with poisoned versions designed to steal developer credentials.

Your team probably doesn't audit every extension they install. Most don't.

The real danger is trust. These weren't random downloads — they mimicked official tools, which means even cautious developers got caught.

Key Insight

Supply-chain attacks targeting developer tooling are effective precisely because security teams rarely treat their own dev environments as attack surfaces.

What to Check Before Your Next Sprint

If anyone on your team runs KICS locally or inside a CI/CD pipeline, run these checks now.

  • Audit all VSCode and Open VSX extensions installed on dev machines
  • Verify Docker image hashes against official Checkmarx releases
  • Rotate any API keys or credentials stored in affected environments
  • Check pipeline logs for unusual outbound connections post-install
  • Restrict extension installs to an approved internal list going forward
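A small script that automates the first two checks on that list, added here as an example and not taken from the WNS5.tech post or from Checkmarx. It assumes the installed-extension list was saved from `code --list-extensions --show-versions`, that the approved list uses the same `publisher.name@version` format, and that the observed image digest comes from `docker image inspect --format '{{index .RepoDigests 0}}'`; the sample extension ids and digests are constructed.

```shell
#!/bin/sh
# Added example (not from the post or from Checkmarx): two checks from the
# list above, written to run against saved command output so the same
# script can be rolled out to every dev machine.
#
# Assumed inputs (formats are assumptions, not from the post):
#   installed list: output of `code --list-extensions --show-versions`,
#                   one "publisher.name@version" per line
#   approved list:  same format, maintained centrally
#   image digest:   output of
#     docker image inspect --format '{{index .RepoDigests 0}}' <image>:<tag>
#   compared with the sha256 digest taken from the vendor's release page.

# Print installed extensions that are not on the approved list (exact
# match, version included). Exit 0 when the machine is clean, 1 otherwise.
# An empty approved list fails closed: every installed extension is reported.
check_extensions() {
    installed="$1"
    approved="$2"
    # -x whole line, -F literal strings, -v invert: lines NOT in the approved file.
    # "|| true" keeps a clean result (grep exit status 1) from aborting under set -e.
    unapproved=$(grep -v -x -F -f "$approved" "$installed" || true)
    if [ -n "$unapproved" ]; then
        printf '%s\n' "$unapproved"
        return 1
    fi
    return 0
}

# Compare an observed "repo@sha256:<hex>" digest with the expected
# "sha256:<hex>" value; the hex part is compared case-insensitively.
check_image_digest() {
    observed=$(printf '%s' "$1" | sed 's/^[^@]*@//' | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$observed" = "$expected" ]
}

# Constructed sample data for a dry run (extension ids are made up;
# replace with real command output on a dev machine).
write_sample_files() {
    dir="$1"
    printf '%s\n' 'publisher-a.ext-a@1.0.0' 'publisher-b.ext-b@2.3.1' \
        'unknown-pub.kics-helper@0.0.1' > "$dir/installed.txt"
    printf '%s\n' 'publisher-a.ext-a@1.0.0' 'publisher-b.ext-b@2.3.1' \
        > "$dir/approved.txt"
}
```

On the constructed sample, `check_extensions` reports only `unknown-pub.kics-helper@0.0.1` and exits 1, which is the signal to pull the machine aside for the remaining checks on the list.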

Pro Tip

Manila BPOs running hybrid dev teams should enforce extension whitelisting centrally — individual devs working from home in Pampanga or Cavite won't catch this on their own.

Containing the Damage Before It Reaches Your Clients

If stolen credentials sit undetected for even 48 hours, the blast radius grows fast — especially if your team shares access to client environments or cloud staging servers.

Rotating credentials costs an hour. A client data incident costs a lot more.

Quick Win

Pull the list of VSCode extensions on every dev machine in your office today.

If you want a second set of eyes on your development environment security, see what WNS5.tech can do for your team.

WNS5.tech · Olongapo

Need IT support in the Philippines?

We deliver managed IT, CCTV, cloud infrastructure, MDM, and custom software for businesses across Olongapo, SBMA, and Central Luzon.
