> TritonInfoSec News
Home / May 13, 2026 / Story
0
#8 BleepingComputer general May 11, 2026 at 22:03 UTC

Official CheckMarx Jenkins package compromised with infostealer

By Bill Toulas

AI Summary

The official Checkmarx Jenkins Application Security Testing (AST) plugin on the Jenkins Marketplace was compromised with an infostealer in a supply chain attack discovered over the weekend of May 11, 2026. This attack is particularly impactful because it targeted a security tool itself, meaning CI/CD pipelines using Checkmarx for vulnerability scanning may have been exfiltrating credentials or build secrets.

Read full article → https://www.bleepingcomputer.com/news/security/off…

Relevance score: 80.0/100

# More from May 13

  1. 1
    Copy.Fail Linux Vulnerability Schneier on Security
  2. 2
    'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros Dark Reading
  3. 3
    Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days BleepingComputer
  4. 4
    TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack SecurityWeek
  5. 5
    Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak The Hacker News
  6. 6
    Google Detects First AI-Generated Zero-Day Exploit SecurityWeek
  7. 7
    Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator BleepingComputer
  8. 9
    New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution The Hacker News
  9. 10
    iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android The Hacker News