KICS

On April 22, 2026, Checkmarx and Bitwarden suffered supply chain attacks where malicious versions of their developer tools were distributed through official channels, attempting to harvest sensitive information such as GitHub and npm tokens and exfiltrating data to audit.checkmarx[.]cx.

VECT 2.0 ransomware, a RaaS offering, permanently destroys large files due to an encryption flaw, discarding decryption nonces for files above 128 KB, rendering them unrecoverable and effectively acting as a wiper; it uses raw ChaCha20-IETF with no authentication.