

Ethical Hacking News

Supply Chain Security Breach: Checkmarx's Jenkins Package Compromised with Infostealer


Checkmarx, a leading application security testing firm, has suffered another high-profile supply-chain attack, with its Jenkins package compromised by the TeamPCP hacker group. This breach highlights the ongoing threat landscape in the software development community and emphasizes the need for organizations and developers to prioritize security awareness and proactive measures to protect themselves against supply-chain attacks.

  • Checkmarx suffered a supply-chain attack via its Jenkins package, compromising user credentials.
  • The TeamPCP hacker group claimed responsibility for the attack and published modified versions of developer tools with infostealing code on GitHub and other platforms.
  • Users are advised to use version 2.0.13-829.vc72453fa_1c16 of the plugin or an older one, as newer versions may be malicious.
  • Organizations must prioritize security awareness and take proactive measures to protect against supply-chain attacks.
  • Developers and users should monitor updates for signs of malicious activity and implement robust security practices, such as regular vulnerability scans and penetration testing.



Checkmarx, a leading application security testing firm, has suffered yet another supply-chain attack. According to recent reports, the company's Jenkins package was compromised by the TeamPCP hacker group, which has also claimed responsibility for other high-profile attacks, including the Shai-Hulud campaigns on npm and the Trivy vulnerability scanner breach.

The compromise was discovered when a rogue version of the Checkmarx Jenkins AST plugin was uploaded to the repo.jenkins-ci.org repository. The malicious update included infostealing code that harvested user credentials. This is not the first time Checkmarx has been hit by a supply-chain attack: the company had previously disclosed compromises of its GitHub repositories and its KICS analysis tool.

The TeamPCP hacker group gained access to Checkmarx's GitHub repositories and backdoored the Jenkins AST plugin to deliver credential-stealing malware. Using credentials stolen in the Trivy attack, the hackers published modified versions of multiple developer tools on GitHub, Docker, and VSCode that included infostealing code. The threat actor maintained access for at least a month before publishing a malicious version of the company's KICS analysis tool.

The malicious plugin was uploaded outside the official release pipeline and had neither a git tag nor a GitHub release. Checkmarx advised users to ensure they are running version 2.0.13-829.vc72453fa_1c16 of the plugin, published on December 17, 2025, or an older one. Anyone who downloaded the malicious version should assume their credentials are compromised, rotate all secrets immediately, and investigate for lateral movement or persistence.

Checkmarx stated that its GitHub repositories are isolated from its customer production environment and that no customer data is stored in the GitHub repository. The company has nonetheless published guidance on how users can protect themselves from this breach.

The supply-chain attack on Checkmarx is a stark reminder of the ongoing threats to software developers and organizations worldwide. As more companies rely on third-party tools and services for their applications, the risk of supply-chain attacks continues to grow. Organizations must prioritize security awareness and take proactive measures to protect themselves against these types of breaches.

Developers and users must be vigilant in monitoring updates to software packages and repositories for signs of malicious activity. Robust security practices, such as regular vulnerability scans and penetration testing, can further reduce the risk of supply-chain attacks.

Companies like Checkmarx must also take responsibility for the security of their own products and services. This includes not only updating and patching third-party tools but also conducting thorough audits to identify vulnerabilities before malicious actors can exploit them.

In conclusion, the breach of Checkmarx's Jenkins package highlights the ongoing threat landscape in the software development community. Organizations and developers must take proactive measures to protect themselves against supply-chain attacks and prioritize security awareness throughout their operations.

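The advisory above pins a last known-good plugin version, 2.0.13-829.vc72453fa_1c16, and warns that anything newer may be the rogue build. The following added example (not code from the article, Checkmarx or the Jenkins project) shows how a defender can audit a plugin inventory against that pin: it parses the Jenkins incremental version scheme (`<base>-<build>.v<commit>`), orders versions by base version and build number, and flags any installed copy that sorts later than the known-good release. The inventory lines and the plugin short name `checkmarx-ast-PLACEHOLDER` are constructed placeholders, since the article does not give the plugin's real identifier.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Last known-good version stated in the advisory.
KNOWN_GOOD = "2.0.13-829.vc72453fa_1c16"

# Jenkins "incremental" version: <base>-<build>.v<commit>, e.g. 2.0.13-829.vc72453fa_1c16
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+))?(?:\.v([0-9a-f_]+))?$")


@dataclass(frozen=True)
class PluginVersion:
    base: Tuple[int, ...]    # numeric components of the base version, e.g. (2, 0, 13)
    build: int               # incremental build number, 0 when absent
    commit: Optional[str]    # abbreviated commit hash, None when absent

    def sort_key(self) -> Tuple[Tuple[int, ...], int]:
        # The commit hash is an identifier, not an ordering; only base and build order releases.
        return (self.base, self.build)


def parse_version(text: str) -> Optional[PluginVersion]:
    """Parse a Jenkins plugin version string; return None if it does not fit the scheme."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    base = tuple(int(part) for part in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) else 0
    return PluginVersion(base, build, m.group(3))


def classify(installed: str, known_good: str = KNOWN_GOOD) -> str:
    """Verdict for one installed version relative to the pinned known-good release.

    'ok'                    installed sorts at or before the known-good version
    'newer-than-known-good' installed sorts after it and must be treated as suspect
    'unparseable'           the string does not follow the Jenkins version scheme
    """
    inst = parse_version(installed)
    good = parse_version(known_good)
    if inst is None or good is None:
        return "unparseable"
    return "ok" if inst.sort_key() <= good.sort_key() else "newer-than-known-good"


def audit_inventory(inventory: str, plugin_name: str,
                    known_good: str = KNOWN_GOOD) -> List[Tuple[str, str, str]]:
    """Scan '<short-name> <version>' lines and return (name, version, verdict) for the named plugin."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        name, version = parts
        if name == plugin_name:
            findings.append((name, version, classify(version, known_good)))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; the plugin short name is a placeholder.
    SAMPLE_INVENTORY = """\
some-other-plugin 1.2.3
checkmarx-ast-PLACEHOLDER 2.0.14-831.v0123456789ab
"""
    for name, version, verdict in audit_inventory(SAMPLE_INVENTORY, "checkmarx-ast-PLACEHOLDER"):
        print(f"{name} {version}: {verdict}")
```

Feed it the output of your own plugin inventory (one `short-name version` pair per line) and treat every `newer-than-known-good` or `unparseable` hit as a trigger for the credential rotation and lateral-movement review the advisory calls for; the comparison deliberately ignores the commit hash, because the rogue build was distributed without a matching git tag, so the hash alone proves nothing.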
    Related Information:
  • https://www.ethicalhackingnews.com/articles/Supply-Chain-Security-Breach-Checkmarxs-Jenkins-Package-Compromised-with-Infostealer-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/official-checkmarx-jenkins-package-compromised-with-infostealer/


  • Published: Mon May 11 18:06:04 2026 by llama3.2 3B Q4_K_M

© Ethical Hacking News. All rights reserved.