FeedVulnerabilityTeamPCP Compromised Checkmarx Jenkins AST Plugin Following K...
VulnerabilityCyber Security News
8.0CRITICAL

TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack

📅 12 May 2026 at 07:49 UTC📰 Cyber Security NewsView original source ↗

A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was quietly published to the Jenkins Marketplace, exposing development pipelines to credential theft and unauthorized access. […] The post TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview

A supply chain attack compromised the Checkmarx Jenkins AST plugin, exposing development pipelines to credential theft and unauthorized access. The malicious plugin was published to the Jenkins Marketplace in May 2026.

⚙️Technical Details
Affected Systems
Checkmarx Jenkins AST plugin
Attack Vectors
Jenkins Marketplace
💥Impact Assessment
Severity: High
Who Is at Risk
Development teams using Checkmarx Jenkins AST plugin
🛡️Recommended Actions
1Immediately update to the latest version of the Checkmarx Jenkins AST plugin
2Review and validate all plugins installed on the Jenkins Marketplace
3Implement strict access controls for development pipelines
📦Affected Products
Checkmarx Jenkins AST plugin

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News
← Back to feed