Checkmarx, a software security firm, has been hit by yet another cyberattack, this time targeting its Jenkins plugin. The incident, which occurred over the weekend, has raised concerns about the security of DevOps tools and the potential for supply chain attacks. The attack involved a modified version of the Checkmarx Jenkins AST plugin being published to the Jenkins Marketplace, which could have severe implications for Jenkins users.
The plugin, which runs security scans inside Jenkins CI pipelines, was compromised by TeamPCP, a group known for supply chain attacks. This is the third time TeamPCP has targeted Checkmarx in the past few months, and the second time the group has compromised the company's packages. The attack is particularly concerning because the plugin is installed on several hundred Jenkins controllers and the modified version remained available on the Jenkins Marketplace.
What makes this attack even more dangerous is the trust model involved. The Checkmarx Jenkins plugin exists to improve the security of Jenkins pipelines, so it is installed and trusted precisely where secrets are densest. Jenkins plugins run inside the controller's own process, so a backdoored build inherits everything the controller can reach: it can ride trusted infrastructure into every build pipeline it touches and read source code, environment variables, tokens and stored credentials.
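The practical defence against a swapped plugin artefact is to pin what is installed and check it on a schedule. The script below is an added example, not code from Checkmarx, Jenkins or the article: it compares the `.jpi`/`.hpi` files in a Jenkins plugins directory against a lockfile of SHA-256 digests and reports anything unpinned, missing or altered. The lockfile format (`name version sha256`, one per line) and every plugin name in the demo are constructed for illustration; Jenkins has no such lockfile of its own.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Hypothetical lockfile format (an assumption, not a Jenkins artefact):
# one plugin per line, "<short-name> <version> <sha256-of-.jpi>".
# Generate it once from a known-good controller and keep it in version
# control next to the Jenkins configuration; the version column is for
# humans, the digest is what gets checked.


@dataclass(frozen=True)
class Finding:
    plugin: str
    kind: str      # "unpinned", "missing" or "hash-mismatch"
    detail: str


def parse_lockfile(text):
    """Return {short-name: (version, sha256)} from lockfile text; '#' starts a comment."""
    pinned = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, version, digest = line.split()
        pinned[name] = (version, digest.lower())
    return pinned


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def installed_plugins(plugins_dir):
    """Map short-name -> path for every .jpi/.hpi archive in the plugins directory."""
    found = {}
    for entry in os.listdir(plugins_dir):
        stem, ext = os.path.splitext(entry)
        if ext in (".jpi", ".hpi"):
            found[stem] = os.path.join(plugins_dir, entry)
    return found


def verify_plugins(lockfile_text, plugins_dir):
    """Compare installed plugin archives against the lockfile and return all findings."""
    pinned = parse_lockfile(lockfile_text)
    present = installed_plugins(plugins_dir)
    findings = []
    for name, path in sorted(present.items()):
        if name not in pinned:
            findings.append(Finding(name, "unpinned", "installed but not in lockfile"))
            continue
        version, digest = pinned[name]
        actual = sha256_file(path)
        if actual != digest:
            findings.append(Finding(
                name, "hash-mismatch",
                f"pinned {version} sha256 {digest[:12]}..., on disk {actual[:12]}..."))
    for name in sorted(set(pinned) - set(present)):
        findings.append(Finding(name, "missing", "pinned but not installed"))
    return findings


def demo():
    """Constructed scenario: one intact plugin, one swapped under its pinned name,
    one unpinned plugin that appeared, and one pinned plugin that is gone."""
    tmp = tempfile.mkdtemp()
    scanner_good = b"PK\x03\x04 constructed bytes of scanner-plugin 1.0"
    helper = b"PK\x03\x04 constructed bytes of helper-plugin 2.3"
    lock = "\n".join([
        "# constructed lockfile for the demo",
        f"scanner-plugin 1.0 {hashlib.sha256(scanner_good).hexdigest()}",
        f"helper-plugin 2.3 {hashlib.sha256(helper).hexdigest()}",
        f"pinned-only 0.9 {'0' * 64}",
    ])
    # What is actually on disk: scanner-plugin.jpi no longer matches its pin.
    with open(os.path.join(tmp, "scanner-plugin.jpi"), "wb") as f:
        f.write(scanner_good + b" tampered")
    with open(os.path.join(tmp, "helper-plugin.jpi"), "wb") as f:
        f.write(helper)
    with open(os.path.join(tmp, "surprise-plugin.hpi"), "wb") as f:
        f.write(b"PK\x03\x04 constructed bytes nobody pinned")
    return verify_plugins(lock, tmp)


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding.kind:14} {finding.plugin}: {finding.detail}")
```

A hash pin only tells you that the archive changed, not whether the change was malicious, and it says nothing about a plugin that has already been loaded: by the time a check like this fires, a backdoored build may have run once with the controller's credentials, so a mismatch on a credential-handling plugin should trigger secret rotation, not just a reinstall.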
This is not the first time TeamPCP has used malware named 'Shai-Hulud', after the sandworms of the Dune novels. In September last year the group compromised hundreds of npm packages, and in November it affected over 25,000 GitHub repos. A 'Mini Shai-Hulud' variant was later injected into Checkmarx's Jenkins plugin, and the same TeamPCP supply chain campaign also hit SAP npm packages.
Security engineer Adnan Khan quickly spotted the compromise, and SOCRadar noted that the latest TeamPCP compromise suggests either that TeamPCP was telling the truth about Checkmarx's secrets rotation or that the group found an additional persistence mechanism that the security vendor missed. The incident is another reminder that the tools used to secure a pipeline are themselves part of its attack surface and need the same pinning, verification and monitoring as any other dependency.