Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

As a result of theTrivy supply chain attack, the TeamPCP hacker gang accessed Checkmarx’s repositories in late March and published malicious artifacts.A month later, likely due to continuous or renewed attacker access, a new wave of malicious artifactswas publishedon behalf of Checkmarx.Soon after, the infamous Lapsus$ extortion group publicly released data allegedly stolen from the company’s repositories.The company confirmedat the time that the data was likely stolen from its GitHub repositories in late March, using credentials compromised through the Trivy supply chain attack.Related:Vendor Says Daemon Tools Supply Chain Attack ContainedRelated:AI Coding Agents Could Fuel Next Supply Chain CrisisRelated:Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain AttackRelated:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

A month later, likely due to continuous or renewed attacker access, a new wave of malicious artifactswas publishedon behalf of Checkmarx.Soon after, the infamous Lapsus$ extortion group publicly released data allegedly stolen from the company’s repositories.The company confirmedat the time that the data was likely stolen from its GitHub repositories in late March, using credentials compromised through the Trivy supply chain attack.Related:Vendor Says Daemon Tools Supply Chain Attack ContainedRelated:AI Coding Agents Could Fuel Next Supply Chain CrisisRelated:Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain AttackRelated:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Soon after, the infamous Lapsus$ extortion group publicly released data allegedly stolen from the company’s repositories.The company confirmedat the time that the data was likely stolen from its GitHub repositories in late March, using credentials compromised through the Trivy supply chain attack.Related:Vendor Says Daemon Tools Supply Chain Attack ContainedRelated:AI Coding Agents Could Fuel Next Supply Chain CrisisRelated:Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain AttackRelated:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

The company confirmedat the time that the data was likely stolen from its GitHub repositories in late March, using credentials compromised through the Trivy supply chain attack.Related:Vendor Says Daemon Tools Supply Chain Attack ContainedRelated:AI Coding Agents Could Fuel Next Supply Chain CrisisRelated:Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain AttackRelated:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Related:Vendor Says Daemon Tools Supply Chain Attack ContainedRelated:AI Coding Agents Could Fuel Next Supply Chain CrisisRelated:Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain AttackRelated:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Related:AI Coding Agents Could Fuel Next Supply Chain CrisisRelated:Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain AttackRelated:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Related:Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain AttackRelated:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Related:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Ionut Arghire is an international correspondent for SecurityWeek.

In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities.

Source: SecurityWeek