Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace
Security Tool/Service
Summary
Hide ▲
Show ▼
A rogue 2026.5.09 release of the Checkmarx Jenkins AST plugin was uploaded to repo.jenkins-ci.org, undermining trust in a security-scanning component used in Jenkins pipelines. The tampered package matters because it could expose build and scanning workflows to credential theft and further compromise. Checkmarx directed users to remain on version 2.0.13-829.vc72453fa_1c16 or older while the bad package is removed.
Related Happenings
TanStack hit by network compromise
Incident
H score29
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
**TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
TanStack hit by network compromise
IncidentAbout this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
Latest development: 21.05.2026 11:00
On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
Campaign
H score56
First: 12.05.2026 14:29
Last: 12.05.2026 14:29
Sources 1
About this happening:
The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
CampaignAbout this happening: The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
H score68
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Mini Shai-Hulud npm supply-chain malware wave
Malware ActivityAbout this happening: The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Latest development: 09.06.2026 18:42
On June 5, Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub after concerns about potential malicious content tied to the Miasma/Shai-Hulud supply-chain campaign. The action disrupted continuous integration pipelines and broke workflows that depended on Azure/functions-action, while Microsoft said it temporarily removed some repositories during its investigation.
TeamPCP Mini Shai-Hulud npm supply-chain campaign
Campaign
H score75
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **TeamPCP**-linked **Mini Shai-Hulud** campaign is an active **npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread tro...
TeamPCP Mini Shai-Hulud npm supply-chain campaign
CampaignAbout this happening: The **TeamPCP**-linked **Mini Shai-Hulud** campaign is an active **npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread tro...
Trellix hit by network compromise
Incident
H score73
First: 02.05.2026 09:41
Last: 02.05.2026 09:41
Sources 1
About this happening:
**Trellix** confirmed a **breach** that gave attackers **unauthorized access** to a **portion of its source code**, creating potential security and intellectual-property risk. The...
Trellix hit by network compromise
IncidentAbout this happening: **Trellix** confirmed a **breach** that gave attackers **unauthorized access** to a **portion of its source code**, creating potential security and intellectual-property risk. The...
Latest development: 08.05.2026 16:23
RansomHouse claimed responsibility for the Trellix source code repository breach, posted screenshots from Trellix's appliance management system as proof, and said the intrusion occurred on April 17 and resulted in data encryption.
Timeline
-
12.05.2026 01:03 1 articles · 1mo ago
Rogue Checkmarx Jenkins AST plugin upload on repo.jenkins-ci.org
Exploitation ObservedA rogue version (2026.5.09) of the Checkmarx Jenkins AST plugin was uploaded to repo.jenkins-ci.org outside the release pipeline, and the package lacked a git tag and a GitHub release while carrying malicious code.
Show sources
- Official CheckMarx Jenkins package compromised with infostealer — www.bleepingcomputer.com — 12.05.2026 01:03
-
12.05.2026 01:03 2 articles · 1mo ago
Checkmarx warns about the rogue Jenkins AST plugin
Initial DisclosureCheckmarx warned that a modified Checkmarx Jenkins AST plugin had been published to the Jenkins Marketplace and advised users to stay on version 2.0.13-829.vc72453fa_1c16 or older, rotate all secrets, and investigate for lateral movement or persistence.
Show sources
- Official CheckMarx Jenkins package compromised with infostealer — www.bleepingcomputer.com — 12.05.2026 01:03
- Official CheckMarx Jenkins package compromised with infostealer — www.bleepingcomputer.com — 12.05.2026 01:03