Ethical Hacking News

Checkmarx Fights Back Against TeamPCP: A Looming Threat to DevOps Security



Checkmarx has been hit by another malicious attack from TeamPCP, compromising their Jenkins plugin with a backdoored version that could expose user credentials and sensitive information. This incident highlights the ongoing threat landscape in devops security and underscores the importance of robust security measures to protect against supply chain attacks.

  • Checkmarx's Jenkins plugin was compromised by TeamPCP through an unauthorized upload to the Jenkins Marketplace.
  • A modified version of the AST Scanner plugin, potentially posing a significant threat to users, was made available for download.
  • The trust model in place makes the compromised plugin particularly dangerous for Jenkins users, exposing user credentials and sensitive data.
  • This is TeamPCP's third attack on Checkmarx's packages in months, highlighting the importance of vigilance in detecting and responding to supply chain attacks.



Checkmarx, a leading provider of software security solutions, has been dealing with another malicious attack from the notorious group TeamPCP. This latest incident involves the compromise of their Jenkins plugin, a modified copy of which was uploaded to the Jenkins Marketplace without authorization.

On May 9th, Checkmarx announced that it had detected a modified version of its AST Scanner plugin on the marketplace. The malicious version had been made available for download and could pose a significant threat to the security of users who installed it. As a result, Checkmarx has released an updated version of the plugin (2.0.13-829.vc72453fa_1c16) and states that it should not be used until further notice.

According to SOCRadar, the trust model at play in this scenario makes the compromised plugin particularly dangerous for Jenkins users. The plugin is designed to improve security in build pipelines, and to do so it is given access to source code, environment variables, tokens, and other sensitive information. A backdoored version of this plugin could compromise not just one project but every project that relies on it, potentially exposing user credentials and other sensitive data.

This incident marks the third time TeamPCP has compromised Checkmarx's packages in a matter of months. The group is known for its sophisticated attacks, which often involve exploiting weaknesses in software supply chains to gain unauthorized access to sensitive information.

SOCRadar notes that either TeamPCP was not truthful about the effect of Checkmarx's secrets rotation, or the group's members took advantage of an additional persistence mechanism that security vendors failed to notice during their response to the March intrusion. This highlights the importance of vigilance and proactive measures in detecting and responding to supply chain attacks.

The incident serves as a reminder of the ongoing struggle between attackers and defenders in the battle for DevOps security. As software development and deployment become increasingly complex, the risk of supply chain attacks grows with them. Therefore, it is essential that developers, organizations, and security professionals prioritize the implementation of robust security measures to protect against these threats.

The Jenkins plugin compromise is just one example of the evolving threat landscape in DevOps security. As our reliance on automation tools like Jenkins continues to grow, so too do the risks associated with weaknesses in software supply chains.

In this context, it is essential that Checkmarx and other security vendors continue to work closely with developers and organizations to stay ahead of emerging threats and ensure the security of their solutions.

The latest TeamPCP attack on Checkmarx is a wake-up call for all involved in DevOps security. It underscores the importance of vigilance, proactive measures, and collaboration between stakeholders to prevent such attacks from compromising our systems.
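To act on the plugin version named above, the following is an added defender-side inventory check; it is not code from the article, Checkmarx, or the Jenkins project. It assumes the plugin's Jenkins short name is checkmarx-ast-scanner, and it reads either the JSON returned by Jenkins' /pluginManager/api/json?depth=1 endpoint or an installed plugin's META-INF/MANIFEST.MF (Short-Name and Plugin-Version attributes, including wrapped manifest lines).

```python
import json

# Assumed Jenkins short name of the Checkmarx AST Scanner plugin, mapped to the
# version string the article says should not be used until further notice.
FLAGGED = {"checkmarx-ast-scanner": {"2.0.13-829.vc72453fa_1c16"}}


def parse_manifest(text: str) -> dict:
    """Parse META-INF/MANIFEST.MF from a .jpi/.hpi into a dict. Manifest values
    longer than 72 bytes wrap onto a following line that starts with one space."""
    attrs, last_key = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and last_key:
            attrs[last_key] += raw[1:]          # continuation line: drop the leading space
        elif ":" in raw:
            key, value = raw.split(":", 1)
            last_key = key.strip()
            attrs[last_key] = value.strip()
    return attrs


def flagged_from_api(inventory: dict) -> list:
    """Check the JSON of /pluginManager/api/json?depth=1 (plugins[].shortName/version)."""
    hits = []
    for p in inventory.get("plugins", []):
        if p.get("version") in FLAGGED.get(p.get("shortName"), ()):
            hits.append((p["shortName"], p["version"], p.get("active", True)))
    return hits


def flagged_from_manifest(manifest_text: str):
    """Check one installed plugin's manifest via its Short-Name / Plugin-Version."""
    m = parse_manifest(manifest_text)
    name, version = m.get("Short-Name"), m.get("Plugin-Version")
    return (name, version) if version in FLAGGED.get(name, ()) else None


# Constructed sample inputs so the script runs offline.
SAMPLE_API = json.loads('{"plugins": ['
    '{"shortName": "git", "version": "5.2.0", "active": true},'
    '{"shortName": "checkmarx-ast-scanner", "version": "2.0.13-829.vc72453fa_1c16", "active": true}]}')
SAMPLE_MANIFEST = ("Manifest-Version: 1.0\r\nShort-Name: checkmarx-ast-scanner\r\n"
                   "Plugin-Version: 2.0.13-829.vc72453fa_\r\n 1c16\r\n")  # wrapped value

if __name__ == "__main__":
    print(flagged_from_api(SAMPLE_API))        # [('checkmarx-ast-scanner', '2.0.13-829.vc72453fa_1c16', True)]
    print(flagged_from_manifest(SAMPLE_MANIFEST))
```

On a real controller, feed the endpoint's JSON to flagged_from_api and each plugin's extracted MANIFEST.MF text to flagged_from_manifest; the manifest path catches a plugin that is installed on disk but not yet loaded.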



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Checkmarx-Fights-Back-Against-TeamPCP-A-Looming-Threat-to-DevOps-Security-ehn.shtml

  • https://www.theregister.com/security/2026/05/11/checkmarx-tackles-another-teampcp-intrusion-as-jenkins-plugin-sabotaged/5237780


  • Published: Mon May 11 07:51:04 2026 by llama3.2 3B Q4_K_M

    © Ethical Hacking News. All rights reserved.