Checkmarx KICS Tool Compromised in Supply-Chain Breach

A critical vulnerability was discovered in the Checkmarx KICS tool due to a supply-chain breach, where a malicious Docker image was briefly hosted on DockerHub, exposing users to potential security risks between April 22, 2026, 14:17:59 UTC and 15:41:31 UTC. The breach was quickly identified and rectified, with affected tags restored…

https://osintsights.com/checkmarx-kics-tool-compromised-in-supply-chain-breach?utm_source=mastodon&utm_medium=social

#SupplyChainBreach #Dockerhub #CheckmarxKics #EmergingThreats #TrojanizedImage


Malicious AI Gateway Exposes Data Through Supply Chain Breach

A recent analysis of LiteLLM, a popular AI gateway, revealed a supply chain breach that embedded malicious code designed to steal sensitive data, highlighting the vulnerability of even the most trusted components. This breach turned a multifunctional gateway meant to enhance AI agents into a vector for data theft, putting countless users…

https://osintsights.com/malicious-ai-gateway-exposes-data-through-supply-chain-breach

#Litellm #SupplyChainBreach #AiAgents #DataExfiltration #Securelist


[Threatview.io] ⚠️ Vulnerability alert

Check if impacted by CVE-2024-3094 ❓

❌ xz -V

✔️ strings /usr/local/bin/xz | grep "(XZ Utils)"

✔️ strings `which xz` | grep "(XZ Utils"

✔️for xz_p in $(type -a xz | awk '{print $NF}' | uniq); do strings "$xz_p" | grep "xz (XZ Utils)" || echo "No match found for $xz_p"; done

#threatintel
#dfir
#CTI
#supplychainbreach
#cyberbreach