Checkmarx has confirmed that a malicious version of its Jenkins AST plugin was published to the Jenkins Marketplace by threat actor TeamPCP, marking the group's second significant supply chain attack within weeks. The compromise follows the now-notorious KICS (Keeping Infrastructure as Code Secure) attack that sent shockwaves through the DevSecOps community in late April.
What Was Compromised
The Checkmarx Jenkins AST plugin is a widely-used integration that allows development teams to trigger Checkmarx application security testing scans directly from their Jenkins CI/CD pipelines. By tampering with a plugin that sits inside the build pipeline, TeamPCP positioned themselves to intercept or manipulate security scan results, exfiltrate credentials, or execute arbitrary code across any environment that pulled the compromised version.
Checkmarx issued an urgent advisory stating:
"If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously."
Any version published after that date and before Checkmarx's remediation should be treated as potentially compromised.
The TeamPCP Pattern
TeamPCP has established a clear modus operandi: target security tooling that developers inherently trust. By attacking Checkmarx specifically — a company whose entire value proposition is finding vulnerabilities — the group sent an unmistakable message about the blind spots in developer workflows.
The KICS attack (Checkmarx's open-source IaC scanner) involved malicious Docker images and VS Code extensions being pushed through compromised channels. The Jenkins AST plugin attack extends this campaign into the CI/CD layer, where tampered plugins can quietly harvest secrets from build environments without triggering standard security controls.
Why Jenkins Plugins Are High-Value Targets
Jenkins remains one of the most widely deployed CI/CD platforms globally. Plugins run with significant privileges inside build pipelines — they can:
- Read environment variables and secrets injected at build time
- Access source code repositories
- Interact with cloud provider APIs using stored credentials
- Modify test and security scan results before they're reported
A compromised plugin operating in this context is functionally equivalent to an insider threat.
Immediate Actions Required
If your organization uses the Checkmarx Jenkins AST plugin:
- Check your installed version immediately. Compare against the safe reference version
2.0.13-829.vc72453fa_1c16. - Audit build logs from the affected period for anomalous outbound connections or unexpected credential access.
- Rotate any secrets that were accessible within Jenkins build environments during the compromise window.
- Restrict plugin auto-updates in Jenkins until you can implement a version-pinning and validation policy.
- Monitor for indicators of compromise specific to TeamPCP — the group is known to establish persistence via scheduled tasks and cron-based implants.
Broader Supply Chain Implications
This attack is part of a disturbing trend: security vendors' own tools becoming attack vectors. When threat actors compromise the software that's supposed to protect you, traditional trust models collapse.
Organizations should evaluate whether their CI/CD pipelines have adequate controls to detect unauthorized plugin modifications. This includes cryptographic verification of plugin integrity, network egress monitoring from build environments, and treating any security tooling update with the same scrutiny applied to production dependencies.
The Checkmarx compromise is expected to prompt broader scrutiny of plugin marketplaces across Jenkins, GitHub Actions, and other CI/CD ecosystems. CISA has not yet added this to the Known Exploited Vulnerabilities catalog, but security teams should treat it with KEV-level urgency given the active exploitation.
Organizations using Checkmarx products should monitor the Checkmarx security advisory page for the latest remediation guidance and indicators of compromise.