Malicious Docker Images Target Checkmarx Supply Chain

Security researchers have found that malicious Docker images were pushed to the official 'checkmarx/kics' repository on Docker Hub. According to a report from Socket, a software supply chain security company, attackers overwrote existing image tags, including the legitimate v2.1.20 and 'alpine' tags, and also added a misleading v2.1.21 tag that does not correspond to a valid release. Because existing tags were modified, developers and users who pull these images by tag for their projects are at risk of receiving the altered images. Organizations should stay vigilant and verify the authenticity of the software components they use. Source: Socket.
Original reporting by The Hacker News. We only summarise, never republish.