Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace.
The compromise was claimed by the TeamPCP hacker group, which initiated a spree of supply-chain attacks that included the Shai-Hulud campaigns on npm and the Trivy vulnerability scanner breach, resulting in the delivery of credential-stealing malware.
Jenkins is one of the most widely used Continuous Integration/Continuous Deployment (CI/CD) automation solutions for software building, testing, code scanning, application packaging, and deploying updates to servers.
The Checkmarx AST plugin on the Jenkins Marketplace integrates security scanning into automated pipelines.
“We are aware that a modified version of the Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace. We are in the process of publishing a new version of this plug-in,” Checkmarx alerted in the update.
This is the third incident in a series of supply-chain attacks the application security testing firm has suffered since late March.
According to offensive security engineer Adnand Khan, TeamPCP gained access to Checkmarx’s GitHub repositories and backdoored the Jenkins AST plugin to deliver credential-stealing malware.
A company spokesperson confirmed to BleepingComputer that the threat actor obtained credentials to the repositories from the Trivy supply-chain attack in March.
A message the hackers left in the about section reads: “Checkmarx fails to rotate secrets again. With love – TeamPCP.”
source: Adnan Khan
“As a result of that access, the attackers were able to interact with Checkmarx’s GitHub environment and subsequently publish malicious code to certain artifacts,” the company spokesperson stated.
Using credentials stolen in the Trivy attack, the hackers published modified versions of multiple developer tools on GitHub, Docker, and VSCode that included info-stealing code.
The threat actor maintained access for at least a month and then published a malicious version of the company’s KICS analysis tool on Docker, Open VSX, and VSCode, which harvested data from developer environments.
In late April, the company confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository.
On Saturday, May 9, a rogue version (2026.5.09 ) of the Checkmarx Jenkins AST plugin was uploaded to repo.jenkins-ci.org. The update was outside the plugin’s release pipeline and included malicious code.
Apart from not following the official date style scheme, the malicious plugin lacked a git tag and a GitHub release.
Checkmarx advised users to ensure that they are using version 2.0.13-829.vc72453fa_1c16 of the plugin published on December 17, 2025, or an older one.
Although Checkmarx hasn’t shared any details about what the rogue Jenkins plugin does on systems, those who have downloaded the malicious version should assume that their credentials are compromised, rotate all secrets, and investigate for lateral movement or persistence.
Checkmarx says that its GitHub repositories are isolated from its customer production environment, and no customer data is stored in the GitHub repository.
“We have communicated with our customers throughout this process and will continue to provide relevant updates as more information becomes available,” the cybersecurity company said, adding that customers can find recommendations on the Support Portal or in the Security Updates sections.
Checkmarx has published a set of malicious artifacts that defenders can use as indicator of compromise (IoCs) on their envirronments.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
