New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Visual Studio Magazine

Microsoft Keeps Adding VS 2026 MCP Functionality to VS 2022, but Not Much Else

Microsoft's new move to ship Azure MCP tools inside Visual Studio 2022 adds to a small but notable pattern of selected Visual Studio 2026-era functionality later showing up in the older IDE, led by a ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.