TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the weekend. As of writing, Checkmarx has released 2.0.13-848.v76e89de8a_053 on both GitHub and the Jenkins Marketplace, although its incident update still notes that it's "in the process of publishing a new version of this plugin." It did not disclose how the malicious plugin version was published. The development is the latest attack orchestrated by TeamPCP targeting Checkmarx. It arrives a couple of weeks after the notorious cybercrime group was attributed to the compromise of its KICS Docker image, two VS Code extensions, and a GitHub Actions workflow to push credential-stealing malware. The breach, in turn, resulted in the brief compromise of the Bitwarden CLI npm package to serve a similar stealer that can harvest a wide range of developer secrets. TeamPCP has been linked to a series of breaches since March 2026 as part of a sprawling campaign that exploits the inherent trust in the software supply chain to propagate its malware and expand its reach. According to details shared by security researcher Adnan Khan and SOCRadar, TeamPCP is said to have gained unauthorized access to the plugin's GitHub repository and renamed it to "Checkmarx-Fully-Hacked-by-TeamPCP-and-Their-Customers-Should-Cancel-Now." The defaced repository was also updated to include the description: "Checkmarx fails to rotate secrets again. with love – TeamPCP." "The fact that TeamPCP is back inside Checkmarx systems just weeks later points to one of two possibilities: either the initial remediation was incomplete and credentials were not fully rotated, or the group retained a foothold that wasn't identified during the March response," SOCRadar said. "A second Checkmarx incident happening this soon suggests the group is actively watching for re-entry points, testing the depth of past remediations, and capitalizing on any gaps." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Checkmarx, cybersecurity, DevSecOps, GitHub, Jenkins, Malware, software security, supply chain attack, TeamPCP ⚡ Top Stories This Week We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE and More Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Day Zero Readiness: The Operational Gaps That Break Incident Response Trellix Confirms Source Code Breach With Unauthorized Repository Access Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories 2026: The Year of AI-Assisted Attacks 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage Load More ▼ ⭐ Featured Resources [Demo] Stop Email Attacks and Protect Cloud Workspace Data Faster [Demo] Discover How to Control Autonomous Identity Risks Effectively [Webinar] Learn How Autonomous Validation Keeps Pace With AI Attacks [Guide] Get Practical AI SOC Insights to Improve Threat Detection