> TritonInfoSec News
Home / May 12, 2026 / Story
0
#7 The Hacker News general May 11, 2026 at 18:30 UTC

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

By [email protected] (The Hacker News)

AI Summary

A group called TeamPCP compromised the official Checkmarx Jenkins AST plugin on the Jenkins Marketplace, publishing a trojanized version containing an infostealer — the second supply chain incident linked to Checkmarx tooling following a prior KICS attack. Checkmarx confirmed users must roll back to version 2.0.13-829.vc72453fa_1c16 (published December 17, 2025) or earlier. Any CI/CD pipeline using the Checkmarx Jenkins plugin after that date should be treated as potentially compromised and investigated immediately.

Read full article → https://thehackernews.com/2026/05/teampcp-compromi…

Relevance score: 82.0/100

# More from May 12

  1. 1
    Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation The Hacker News
  2. 2
    Google: Hackers used AI to develop zero-day exploit for web admin tool BleepingComputer
  3. 3
    Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak The Hacker News
  4. 4
    New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks SecurityWeek
  5. 5
    Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads The Hacker News
  6. 6
    cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor The Hacker News
  7. 8
    TrickMo Android banker adopts TON blockchain for covert comms BleepingComputer
  8. 9
    UK water company allowed hackers to lurk undetected for nearly two years, regulator finds The Record
  9. 10
    Hackers abuse Google ads, Claude.ai chats to push Mac malware BleepingComputer