VulnHub

Real-time Cybersecurity News

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

darkreading
Actively Exploited
Malware

Overview

Recent cyberattacks attributed to the group TeamPCP have targeted several popular tools including Checkmarx's KICS code scanner, the Trivy security scanner, and the VS Code plug-ins, as well as the LiteLLM AI library. These attacks suggest a coordinated effort to compromise supply chain security, affecting developers and organizations that rely on these tools for secure coding practices. As the threat landscape evolves, it is crucial for users of these products to remain vigilant and monitor for any suspicious activities. The ongoing nature of these attacks raises concerns about the security of software development environments, emphasizing the need for robust security measures. Companies using these tools should consider reviewing their security protocols to mitigate potential risks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Checkmarx KICS, Trivy, VS Code plug-ins, LiteLLM AI library
  • Action Required: Users should review security protocols, monitor for suspicious activities, and apply any available updates or patches from the affected vendors.
  • Timeline: Ongoing since recent attacks

Original Article Summary

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx's KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come.

Impact

Checkmarx KICS, Trivy, VS Code plug-ins, LiteLLM AI library

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent attacks

Remediation

Users should review security protocols, monitor for suspicious activities, and apply any available updates or patches from the affected vendors.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

US nationals sentenced for aiding North Korea’s tech worker scheme

CyberScoop

Kejia Wang and Zhenxing Wang, two U.S. nationals, have been sentenced for their roles in a scheme that aided North Korean operatives in securing jobs with over 100 American companies. They created shell companies and operated laptop farms to facilitate this process, which allowed North Korean workers to bypass U.S. employment regulations. The actions of the Wangs not only undermined U.S. labor laws but also raised national security concerns by potentially enabling North Korea to access sensitive technologies and information. This case illustrates the risks of foreign interference in U.S. job markets and highlights the importance of vigilance in monitoring employment practices to protect against such schemes.

Apr 16, 2026

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

BleepingComputer

On April 13, 2026, law enforcement agencies conducted 'Operation PowerOFF,' which successfully identified 75,000 users involved in distributed denial-of-service (DDoS) attacks across 21 countries. The operation led to the takedown of 53 domains associated with these attacks. By targeting the DDoS ecosystem, authorities aim to disrupt the infrastructure that enables these types of cyberattacks, which can overwhelm websites and online services, causing significant downtime and financial losses. This operation is a crucial step in combating the growing threat of DDoS attacks, which have become increasingly sophisticated and harmful to businesses and individuals alike. The large number of identified users highlights the scale of the issue and underscores the need for ongoing vigilance in cybersecurity efforts.

Apr 16, 2026

ZionSiphon malware designed to sabotage water treatment systems

BleepingComputer

A new malware known as ZionSiphon has emerged, specifically targeting water treatment and desalination facilities. This malware is designed to disrupt operations within these critical infrastructures, posing a significant risk to public health and safety. Researchers are concerned about the potential for environmental damage and the impact on water supply systems that millions rely on. As attacks on essential services become more frequent, this situation emphasizes the need for enhanced cybersecurity measures in operational technology environments. The threat is particularly alarming as it could lead to unsafe drinking water and other serious consequences for affected communities.

Apr 16, 2026

The AI "Vulnpocolypse" Is Real? - PSW #922

SCM feed for Latest

A recent report indicates that a significant number of AI systems are vulnerable to various security threats, leading to what experts are calling a 'Vulnpocolypse.' Researchers have identified multiple weaknesses in popular AI models that could be exploited by attackers, potentially allowing them to manipulate outcomes or extract sensitive data. This situation poses risks not only to companies that rely on AI technologies but also to end-users who may be affected by compromised systems. The findings emphasize the urgent need for developers and organizations to enhance security measures around AI applications to prevent exploitation. As AI continues to evolve and integrate into more aspects of business and daily life, addressing these vulnerabilities is crucial for maintaining trust and safety in AI systems.

Apr 16, 2026

North Korea Uses ClickFix to Target macOS Users' Data

darkreading

North Korean hacking group Sapphire Sleet is targeting macOS users through deceptive tactics. They are using fake job offers and bogus Zoom updates to distribute a malware called ClickFix, which is designed to steal user credentials and sensitive information from Mac computers. This type of attack not only compromises individual users but also poses a larger risk to organizations that rely on macOS systems for their operations. The use of social engineering techniques makes these attacks particularly effective, as users may be more likely to fall for the ruse of legitimate job opportunities or software updates. It's crucial for macOS users to be vigilant about unexpected communications and to verify the authenticity of job offers and software updates before taking any action.

Apr 16, 2026

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

Security Affairs

Cookeville Regional Medical Center in Tennessee suffered a significant ransomware attack that compromised the data of approximately 337,917 individuals. The attack, attributed to the Rhysida hacking group, resulted in the theft of around 500GB of sensitive information from the hospital's systems. This breach raises serious concerns about patient privacy and data security in healthcare settings. The stolen data could include personal health information, which could be exploited for identity theft or other malicious purposes. Affected individuals may need to monitor their accounts closely and remain vigilant against potential phishing attempts or fraud.

Apr 16, 2026