On Saturday, May 9, 2026, a malicious version of the official Checkmarx Jenkins package (specifically, the Application Security Testing (AST) plugin) appeared on repo.jenkins-ci.org. This was not a legitimate release of the Checkmarx Jenkins package. It lacked a proper git tag, a GitHub release, and did not follow Checkmarx's standard date-based versioning. It was an unauthorized, maliciously crafted version designed to steal credentials, a tactic aligned with MITRE ATT&CK technique T1552.001 (Unsecured Credentials).
What Happened: Another Checkmarx Jenkins Package Compromised
This incident, attributed to the sophisticated threat actor TeamPCP, marks one of several supply-chain incidents Checkmarx has faced in recent months. The immediate focus has been on the infostealer, the compromised plugin, and the urgent need for users to rotate secrets. Checkmarx confirmed the compromise and advised users to ensure they are using version 2.0.13-829.vc72453fa_1c16 (published December 17, 2025) or an older version. They also stated that their GitHub repositories are isolated from customer production environments and hold no customer data.
But this incident's true significance lies deeper.
How Stolen Keys Kept Giving Access
The sequence of events reveals a persistent access problem. The threat actor first gained access to Checkmarx's GitHub repositories during the Trivy supply-chain attack in March 2026. That initial access, itself a supply-chain compromise (MITRE ATT&CK T1195.002), was obtained with credentials stolen during an earlier supply-chain compromise, and it became the starting point for the incidents that followed. The actor then retained access to Checkmarx's GitHub environment for an extended period, estimated at a month or more. This was not a quick exfiltration but a sustained presence that let the actor keep a foothold in the environment.
During this period, the actor used that access to publish malicious code: the rogue Checkmarx Jenkins package (the AST plugin) carrying the infostealer; modified versions of developer tools on GitHub, Docker, and VSCode, all laced with info-stealing code that often exfiltrated over ordinary web protocols (T1071.001); and a malicious version of Checkmarx's KICS analysis tool on Docker, Open VSX, and VSCode, built specifically to harvest data from developer environments.
The persistence suggests that the credentials stolen in March were not fully rotated, or that the threat actor had established a foothold that let them regain access even after initial remediation attempts. The attacker's message, "Checkmarx fails to rotate secrets again," is a stark reminder of a persistent challenge in incident response: ensuring every compromised access vector is truly shut down.
The Impact: Beyond a Single Plugin, a Trust Problem
The immediate impact is clear: if you installed the malicious Checkmarx Jenkins AST plugin, assume your credentials are compromised. This Checkmarx Jenkins package was built to steal them. Rotate all secrets, not only those tied to Jenkins, and investigate your own environment for lateral movement or persistence. The infostealer likely targeted the broad range of developer credentials and tokens that sit in developer environments, including API keys, SSH keys, and cloud access tokens, which is consistent with an adversary pursuing T1552 (Credential Access) broadly.
The broader implications, however, are more complex. This incident highlights deeper issues within the software supply chain, especially concerning developer tools. When a security vendor, whose business relies on trust and code analysis, repeatedly falls victim to the same type of attack from the same actor, it erodes confidence. Developers rely on these tools to enhance security. When the tools themselves become vectors, it creates a serious dilemma.
The targeting of Checkmarx's KICS analysis tool indicates an intent to harvest data directly from development environments.
The Response: What's Being Done, and What's Still Missing
Checkmarx has published Indicators of Compromise (IoCs) and provided guidance on safe versions. Their assurances that GitHub repositories are isolated from customer production environments and do not store customer data are important. This distinction clarifies the incident as a confidentiality breach of their development environment, not a direct breach of customer data.
Yet, the recurring nature of these incidents, culminating in the threat actor's taunting message, suggests a need for a more fundamental re-evaluation of security practices across the industry, particularly concerning credential management and artifact publishing.
Effective incident response requires more than isolated fixes. That the threat actor could apparently reuse or retain access for an extended period suggests a gap in credential rotation and validation, which may have let stale or compromised credentials stay active or allowed new access tokens to be minted from existing footholds. Consequently, every credential, token, and key that could have been exposed must be invalidated and reissued through a verifiable process, for example by requiring multi-factor authentication for all credential rotations and by automatically scanning the environment for newly exposed secrets.
Beyond credential management, this incident shows the need for stricter controls around publishing artifacts. The unauthorized publication of a rogue Checkmarx Jenkins package version to repo.jenkins-ci.org, with no proper git tag or GitHub release, points to weaknesses in the build and release pipeline, insufficient validation at the repository level, or both; both areas need scrutiny to prevent further instances of T1195.002 (Compromise Software Supply Chain). Package managers and artifact repositories therefore need stronger mechanisms to detect and block unofficial or malicious uploads, such as mandatory cryptographic signing of all published artifacts and multi-party approval workflows for critical releases.
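A consumer-side version of the check this paragraph calls for, added here as an example and not code from Checkmarx or the Jenkins project: it parses the incrementals-style version string quoted in the advisory (2.0.13-829.vc72453fa_1c16) and flags published plugin versions that have no matching git tag or GitHub release. The release list and the two rogue version strings are constructed, and the underscore inside the commit part is assumed to be a separator that can be stripped before comparing against git.

```python
import re

# Shape of the version quoted in the advisory: <release>-<commit count>.v<abbreviated commit>.
# Assumption: the underscore in the commit part is a separator only and carries no meaning.
VERSION_RE = re.compile(r"^(?P<release>\d+(?:\.\d+)*)-(?P<count>\d+)\.v(?P<commit>[0-9a-f_]+)$")


def parse_version(version):
    """Return (release, commit count, commit) or None if the string is not an incrementals version."""
    m = VERSION_RE.match(version)
    if not m:
        return None
    return m.group("release"), int(m.group("count")), m.group("commit").replace("_", "")


def audit_update_site(published, release_tags):
    """Flag published versions with no matching git tag / GitHub release.

    published:    version strings seen on the artifact repository.
    release_tags: {tag version string: abbreviated commit} from the project's releases.
    Returns {version: "ok" | reason the version should not be installed}.
    """
    tagged_commits = {commit: tag for tag, commit in release_tags.items()}
    verdicts = {}
    for version in published:
        parsed = parse_version(version)
        if parsed is None:
            verdicts[version] = "unparseable version, not an incrementals build"
            continue
        commit = parsed[2]
        if version in release_tags:
            verdicts[version] = "ok"
        elif commit in tagged_commits:
            # A real commit republished under a different version string is still suspect.
            verdicts[version] = "commit is tagged as %s but version string differs" % tagged_commits[commit]
        else:
            verdicts[version] = "no git tag or GitHub release for commit %s" % commit
    return verdicts


# Constructed sample data: the only tagged release is the safe version named in the advisory;
# the other two strings are made-up shapes of an unauthorized upload.
RELEASE_TAGS = {"2.0.13-829.vc72453fa_1c16": "c72453fa1c16"}
PUBLISHED = [
    "2.0.13-829.vc72453fa_1c16",
    "2.0.14-830.v0123456789a_b",  # constructed: never tagged upstream
    "2.1.0",                       # constructed: does not follow the version scheme
]

if __name__ == "__main__":
    for version, verdict in audit_update_site(PUBLISHED, RELEASE_TAGS).items():
        print(version, "->", verdict)
```

Run the audit against the update-site feed before a plugin is pinned in a Jenkins controller's plugin list, and treat anything other than "ok" as a block.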
Ultimately, companies, especially security companies, must move beyond simply "cleaning up" after a breach. Such an extended period of access provides ample time for an attacker to establish multiple footholds. Therefore, post-breach resilience demands assuming persistence and actively hunting for it, rather than relying solely on initial remediation.
While Checkmarx is at the center of this incident, it highlights a systemic challenge across the industry. The steady stream of supply chain attacks across many platforms points to a shared weakness, and the repeated compromises of development tools are eroding trust within the software ecosystem.
The evidence points to a clear conclusion: effective incident response, particularly for security vendors, requires complete and verifiable eradication of threat actor access, a thorough review of all potential entry points including credential management and artifact publishing pipelines, and a commitment to hardening the entire development and release process. Without these comprehensive, incident-specific measures, organizations like Checkmarx remain vulnerable to repeated compromise by persistent actors like TeamPCP, especially where critical artifacts like the Checkmarx Jenkins package are concerned.