{"id":243883,"date":"2026-05-11T14:30:00","date_gmt":"2026-05-11T18:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/11\/teampcp-compromises-checkmarx-jenkins-ast-plugin-weeks-after-kics-supply-chain-attack\/"},"modified":"2026-05-11T15:55:06","modified_gmt":"2026-05-11T19:55:06","slug":"teampcp-compromises-checkmarx-jenkins-ast-plugin-weeks-after-kics-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/11\/teampcp-compromises-checkmarx-jenkins-ast-plugin-weeks-after-kics-supply-chain-attack\/","title":{"rendered":"TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/teampcp-compromises-checkmarx-jenkins.html\">TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/teampcp-compromises-checkmarx-jenkins.html\">https:\/\/thehackernews.com\/2026\/05\/teampcp-compromises-checkmarx-jenkins.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-11 14:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">May 11, 2026<\/span><\/span><span class=\"p-tags\">Supply Chain Attack \/ DevSecOps<\/span><\/p>\n<p>Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace.<\/p>\n<p>&#8220;If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,&#8221; the cybersecurity company said in a statement over the weekend.<\/p>\n<p>As of writing, Checkmarx has released 2.0.13-848.v76e89de8a_053 on both GitHub and the Jenkins Marketplace, although its incident update still 
notes that it&#8217;s &#8220;in the process of publishing a new version of this plugin.&#8221; It did not disclose how the malicious plugin version was published.<\/p>\n<p>The development is the latest attack orchestrated by TeamPCP targeting Checkmarx. It arrives a couple of weeks after the notorious cybercrime group was linked to the compromise of Checkmarx&#8217;s KICS Docker image, two VS Code extensions, and a GitHub Actions workflow to push credential-stealing malware.<\/p>\n<p>The breach, in turn, resulted in the brief compromise of the Bitwarden CLI npm package to serve a similar stealer that can harvest a wide range of developer secrets.<\/p>\n<p>TeamPCP has been linked to a series of breaches since March 2026 as part of a sprawling campaign that exploits the inherent trust in the software supply chain to propagate its malware and expand its reach.<\/p>\n<p>According to details shared by security researcher Adnan Khan and SOCRadar, TeamPCP is said to have gained unauthorized access to the plugin&#8217;s GitHub repository and renamed it to &#8220;Checkmarx-Fully-Hacked-by-TeamPCP-and-Their-Customers-Should-Cancel-Now.&#8221;<\/p>\n<p>The defaced repository was also updated to include the description: &#8220;Checkmarx fails to rotate secrets again. 
with love \u2013 TeamPCP.&#8221;<\/p>\n<p>&#8220;The fact that TeamPCP is back inside Checkmarx systems just weeks later points to one of two possibilities: either the initial remediation was incomplete and credentials were not fully rotated, or the group retained a&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/teampcp-compromises-checkmarx-jenkins.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack https:\/\/thehackernews.com\/2026\/05\/teampcp-compromises-checkmarx-jenkins.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":243884,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiq0A3_8O89uC968dpFnFxE4v3J4fpr5nEqC-2QiSJ_rtZlgPocPYIaowCvCMeONhcrFiaoSdBVeNsuTa2ipAZZ3HBMUDcfO8DZ06pughteYJItHhMLeBr_jnfLL-5WX6xBE_EjIfPDGjCYyDCa6aImjimPNl7FtM1evdnTUVEk54x9pczRaFlmEZy1Cv8B\/s1600\/Jenkins.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,32],"class_list":["post-243883","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243883"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243883"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243883\/revisions"}],"predecessor-version":[{"id
":243885,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243883\/revisions\/243885"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243884"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}