Official Checkmarx Jenkins Package Compromised with Infostealer
9 Articles
TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack
A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was quietly published to the Jenkins Marketplace, exposing development pipelines to credential theft and unauthorized access. The incident traces back to a threat actor known as TeamPCP, whose earlier attack on …
Checkmarx's official Jenkins plugin package was compromised and contained an information-stealing program.
Backdoored Jenkins Plugin Signals Escalation in TeamPCP Supply Chain Campaign
A fresh compromise of a widely used CI/CD security integration is raising new alarms about the persistence and sophistication of modern software supply chain attacks. SOCRadar researchers are warning that the threat actor known as TeamPCP has once again infiltrated infrastructure tied to Checkmarx, this time targeting its plugin for Jenkins. The incident centers on a backdoored release of the Checkmarx Jenkins plugin, a tool designed to embed ap…
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the weekend. As of writing, Checkmarx has released




