Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace
Security Tool/Service
Summary
A rogue 2026.5.09 release of the Checkmarx Jenkins AST plugin was uploaded to repo.jenkins-ci.org, undermining trust in a security-scanning component used in Jenkins pipelines. The tampered package matters because it could expose build and scanning workflows to credential theft and further compromise. Checkmarx directed users to remain on version 2.0.13-829.vc72453fa_1c16 or older while the bad package is removed.
Related Happenings
TanStack hit by network compromise
Incident
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
**TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
Latest development: 21.05.2026 11:00
On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
Campaign
First: 12.05.2026 14:29
Last: 12.05.2026 14:29
Sources 1
About this happening:
The **Shai-Hulud** **supply-chain campaign** remains active across **npm**, **PyPI**, and **Composer**, with the latest reporting tying **TeamPCP** to both a claimed **GitHub inte...
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...
TeamPCP Mini Shai-Hulud npm supply-chain campaign
Campaign
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **TeamPCP**-linked **Mini Shai-Hulud** campaign is a **malicious npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread t...
Trellix hit by network compromise
Incident
First: 02.05.2026 09:41
Last: 02.05.2026 09:41
Sources 1
About this happening:
**Trellix** confirmed a **breach** that gave attackers **unauthorized access** to a **portion of its source code**, creating potential security and intellectual-property risk. The...
Latest development: 08.05.2026 16:23
RansomHouse claimed responsibility for the Trellix source code repository breach, posted screenshots from Trellix's appliance management system as proof, and said the intrusion occurred on April 17 and resulted in data encryption.
Timeline
- 12.05.2026 01:03 · 1 article
Rogue Checkmarx Jenkins AST plugin upload on repo.jenkins-ci.org
Exploitation Observed: A rogue version (2026.5.09) of the Checkmarx Jenkins AST plugin was uploaded to repo.jenkins-ci.org outside the release pipeline; the package lacked a git tag and a GitHub release and carried malicious code.
Sources:
- Official CheckMarx Jenkins package compromised with infostealer — www.bleepingcomputer.com — 12.05.2026 01:03
- 12.05.2026 01:03 · 2 articles
Checkmarx warns about the rogue Jenkins AST plugin
Initial Disclosure: Checkmarx warned that a modified Checkmarx Jenkins AST plugin had been published to the Jenkins Marketplace and advised users to stay on version 2.0.13-829.vc72453fa_1c16 or older, rotate all secrets, and investigate for lateral movement or persistence.
Sources:
- Official CheckMarx Jenkins package compromised with infostealer — www.bleepingcomputer.com — 12.05.2026 01:03
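A check a Jenkins administrator could run against a plugin inventory, covering the guidance in the summary and in the timeline above (stay on 2.0.13-829.vc72453fa_1c16 or older; the rogue 2026.5.09 build has no git tag or GitHub release). This is an added example, not code from Checkmarx or from the page; the plugin id `checkmarx-ast-scanner`, the `id:version` inventory format and the sample inventory are assumptions, and the version comparison is a simplified approximation of Jenkins' own version ordering.

```python
import re
from dataclasses import dataclass

PLUGIN_ID = "checkmarx-ast-scanner"          # assumed plugin id; not stated on the page
ROGUE_VERSION = "2026.5.09"                  # rogue build named in the advisory
LAST_GOOD_VERSION = "2.0.13-829.vc72453fa_1c16"  # last version Checkmarx told users to stay on

# Constructed sample in the plugins.txt "id:version" style (assumption).
SAMPLE_PLUGINS_TXT = """\
# constructed sample inventory
git:5.2.1
checkmarx-ast-scanner:2026.5.09
"""


def version_key(version):
    """Split a Jenkins-style version into comparable parts.
    Numeric runs compare as integers; non-numeric runs (e.g. 'vc72453fa') sort
    below any number. Simplified approximation of Jenkins' VersionNumber."""
    parts = []
    for tok in re.split(r"[.\-_]", version):
        if tok.isdigit():
            parts.append((1, int(tok), ""))
        elif tok:
            parts.append((0, 0, tok))
    return parts


@dataclass
class Finding:
    plugin: str
    version: str
    status: str  # "rogue", "unverified" (newer than last known-good) or "ok"


def assess(plugin_id, version):
    """Classify one installed plugin version against the advisory."""
    if plugin_id != PLUGIN_ID:
        return Finding(plugin_id, version, "ok")
    if version == ROGUE_VERSION:
        return Finding(plugin_id, version, "rogue")
    if version_key(version) > version_key(LAST_GOOD_VERSION):
        return Finding(plugin_id, version, "unverified")
    return Finding(plugin_id, version, "ok")


def scan_plugin_list(text):
    """Parse 'id:version' lines (comments and blanks skipped) and assess each."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            plugin_id, _, version = line.partition(":")
            findings.append(assess(plugin_id.strip(), version.strip()))
    return findings


if __name__ == "__main__":
    for f in scan_plugin_list(SAMPLE_PLUGINS_TXT):
        print(f"{f.plugin}:{f.version} -> {f.status}")
```

Anything reported as `unverified` should be checked for a matching git tag and GitHub release before it is trusted, since the rogue build lacked both.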