Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign. Bitwarden confirmed the incident and said it stemmed from the compromise of its npm distribution mechanism following the Checkmarx supply chain attack, but emphasized that no end-user data was accessed as part of the attack. #privacy #password #Bitwarden #checkmarx #hacker #breach https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious npm code

The Hacker News
Checkmarx's Jenkins plugin compromised by TeamPCP in a series of supply-chain attacks

🔍 Context
Source: BleepingComputer, published May 11, 2026. Checkmarx, a company specializing in application security, warned over the weekend of May 10-11, 2026 that a malicious version of its Jenkins AST plugin had been published on the Jenkins Marketplace. This is the third incident in a series of supply-chain attacks suffered by Checkmarx since late March 2026.

🎯 Course of the attack
The TeamPCP group obtained credentials for Checkmarx's GitHub repositories during an earlier attack on the Trivy vulnerability scanner in March 2026. Because these credentials were never revoked, the attackers maintained access for at least a month.

CyberVeille

📢 Checkmarx supply chain incident: compromised artifacts, data exfiltration and publication by LAPSUS$
📝 🔍 Context

This article is an update...
📖 cyberveille : https://cyberveille.ch/posts/2026-05-13-incident-supply-chain-checkmarx-artefacts-compromis-exfiltration-de-donnees-et-publication-par-lapsus/
🌐 source : https://checkmarx.com/blog/ongoing-security-updates/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
#Checkmarx #Docker #Cyberveille

Checkmarx supply chain incident: compromised artifacts, data exfiltration and publication by LAPSUS$

🔍 Context
This article is an official update published by Checkmarx on May 9, 2026 on its blog, describing an ongoing supply chain security incident that began on March 23, 2026. The article compiles several successive updates (March 23, April 22, April 26, April 27 and May 9, 2026).

🗓️ Timeline of the incident
March 23, 2026: Checkmarx identifies a supply chain incident linked to the TeamPCP attack targeting the Trivy scanner (reported on March 19). Malicious artifacts are published on OpenVSX and in GitHub Actions. The attacker pushes malicious code directly into Checkmarx's GitHub repositories.
March 30, 2026: Data is exfiltrated from Checkmarx's GitHub repositories.
April 22, 2026: A second wave of malicious artifacts is published (KICS on DockerHub, ast-github-action, VS Code extensions), indicating persistent or renewed attacker access.
April 25, 2026: LAPSUS$ publishes on the dark web data stamped March 30, taken from Checkmarx's GitHub repositories.
May 9, 2026: A malicious version of the Jenkins AST plugin (version 2026.5.09) is published on the Jenkins Marketplace.

🎯 Compromised artifacts
Wave 1 (March 23, 2026):

CyberVeille
Official CheckMarx Jenkins package compromised with infostealer

Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace.

BleepingComputer

#Checkmarx is breached again via its Jenkins plugin GitHub repo compromised in a software supply chain hack:
#SoftwareSupplyChainSecurity
👇

https://www.bleepingcomputer.com/news/security/official-checkmarx-jenkins-package-compromised-with-infostealer/

The official Checkmarx Jenkins plugin was compromised with an infostealer, attributed to TeamPCP, marking a recurring supply-chain incident. This breach wasn't a quick hit; the actor maintained access for over a month, exploiting stolen credentials from a prior attack and even taunting Checkmarx for failing to rotate secrets. It's a stark reminder of deep issues in developer tool security and…

https://www.tpp.blog/1yqjwps

#cybersecurity #checkmarx #jenkins

🤖 This post was AI-generated.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack

A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

https://osintsights.com/checkmarx-plugin-compromised-with-infostealer-in-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChainAttack #Teampcp #Jenkins #Checkmarx #Infostealer

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack

Learn how TeamPCP compromised Checkmarx plugin with Infostealer in a supply-chain attack and protect your secrets now with expert security tips.

OSINTSights

TeamPCP Breaches Checkmarx Jenkins Plugin Again

If you're using the Checkmarx Jenkins AST plugin, make sure you're on a safe footing by using version 2.0.13-829.vc72453fa_1c16 or earlier, published on December 17, 2025, as newer versions may be vulnerable. Checkmarx has since released a patched version, 2.0.13-848.v76e89de8a_053, available on GitHub and the Jenkins Marketplace.

https://osintsights.com/teampcp-breaches-checkmarx-jenkins-plugin-again?utm_source=mastodon&utm_medium=social

#Checkmarx #JenkinsPlugin #SupplyChain #Vulnerability #EmergingThreats

TeamPCP Breaches Checkmarx Jenkins Plugin Again

Update your Checkmarx Jenkins plugin now to prevent TeamPCP breaches; use version 2.0.13-829.vc72453fa_1c16 or later for security - read more here.

OSINTSights

Checkmarx Plugin Sabotaged in Fresh TeamPCP Intrusion

Checkmarx issued a warning on May 9, 2026, that a tampered version of its Jenkins AST plugin had been released on the Jenkins Marketplace, posing a risk to continuous-integration pipelines. The company quickly responded by urging customers to update to a trusted version, 2.0.13-829.vc72453fa_1c16, to safeguard their systems.

https://osintsights.com/checkmarx-plugin-sabotaged-in-fresh-teampcp-intrusion?utm_source=mastodon&utm_medium=social

#Jenkins #Checkmarx #SupplyChain #PluginVulnerability #EmergingThreats

Checkmarx Plugin Sabotaged in Fresh TeamPCP Intrusion

Learn how the Checkmarx plugin was sabotaged in a TeamPCP intrusion and what steps to take now to secure your Jenkins AST plugin - read the latest update today.

OSINTSights

LAPSUS$ hits Checkmarx: 95 GB of source code on the dark web and the security-tool supply chain in the crosshairs

The LAPSUS$ group has published 95 GB of confidential Checkmarx data on the dark web (source code, API keys, database credentials), the result of a breach that began on March 23, 2026 through the TeamPCP supply chain campaign. The incident hits one of the leading static code analysis vendors and puts at risk the DevSecOps teams that used the KICS Docker images or the VS Code extensions during the compromised period.

https://insicurezzadigitale.com/__trashed-2/