Checkmarx KICS and Bitwarden CLI Compromised in Fresh Supply Chain Attack (Campaign)

Malicious versions of Checkmarx components (KICS Docker image, VS Code extension, and an ast-github-action) and a temporary malicious release of the @bitwarden/cli npm package were published to public repositories; the malicious artifacts harvest, encrypt, and exfiltrate secrets and the VS Code extensions can steal npm tokens to facilitate further supply-chain attacks. Docker images were removed quickly but some malicious extensions remained available on OpenVSX, and the activity is claimed by TeamPCP.