Malware | Bleeping Computer
6.5 — HIGH
Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
A rogue version of the Checkmarx Jenkins AST plugin carrying infostealer malware was published, exposing credentials and potentially allowing lateral movement or persistence on affected systems. The attack is attributed to the TeamPCP hacker group.
⚙️ Technical Details
Affected Systems
Checkmarx Jenkins AST plugin
💥 Impact Assessment
Severity: High
Who Is at Risk
Developers using Checkmarx Jenkins AST plugin
🛡️ Recommended Actions
1. Ensure the use of version 2.0.13-829.vc72453fa_1c16 or an older version of the Checkmarx Jenkins AST plugin
2. Rotate all secrets and investigate for lateral movement or persistence
3. Monitor environments for malicious artifacts
📦 Affected Products
Checkmarx Jenkins AST plugin
This is a curated summary. The complete article is available at Bleeping Computer.
