Last updated: May 13, 2026 at 5:42 AM UTC
Tag: checkmarx (4 articles)

Checkmarx Jenkins AST plugin backdoored by TeamPCP - third Checkmarx supply chain hit since late March

TeamPCP, the group behind the March Trivy breach and Shai-Hulud npm worm, used credentials stolen in that March attack to publish a backdoored version of Checkmarx's Jenkins AST plugin to the Jenkins Marketplace. This is the third Checkmarx supply-chain hit since late March. The rogue version 2026.5.09 went up on May 9, outside Checkmarx's normal release process - no git tag, no GitHub release. Checkmarx says its GitHub repos are isolated from customer production and no customer data is stored there, but anyone who installed the bad plugin should assume their CI credentials are compromised, rotate them all, and hunt for lateral movement.

Check
Check whether your Jenkins instances have the Checkmarx AST plugin installed. If yes, verify the running version - any version string containing 2026.5.09 is the malicious build.
Affected
Any Jenkins instance that ran the rogue Checkmarx Jenkins AST plugin version 2026.5.09 between its publication to the Jenkins Marketplace on May 9, 2026, and Checkmarx's takedown. The rogue build was published outside Checkmarx's normal release pipeline and lacked both a git tag and a GitHub release.
Fix
Roll back to version 2.0.13-829.vc72453fa_1c16 published December 17, 2025, or any earlier officially-tagged build. Rotate every credential the Jenkins host had access to, including cloud API keys, source-repo tokens, deployment keys, and signing certificates. Hunt for lateral movement from the Jenkins host. Pull Checkmarx's published IoC list from their Support Portal and run it across your environment.

Checkmarx confirms its source code, employee database, and cloud credentials were posted on the dark web after the March supply-chain attack

Checkmarx confirmed Friday that data from its private GitHub repository was posted on the dark web following the March 23 TeamPCP supply-chain attack. The LAPSUS$ group published the dump, which includes Checkmarx source code, an employee database, API keys, and MongoDB and MySQL credentials. Checkmarx says the affected GitHub repository was separate from the customer Checkmarx One SaaS production environment, with no customer data stored in it. The bigger picture: an attack that started by poisoning a single GitHub Action 35 days ago has now produced a full source code, credentials, and employee data leak - under five weeks end to end.

Check
If your team uses Checkmarx KICS or AST GitHub Actions, the Checkmarx Open VSX extensions, or any Checkmarx self-hosted product, rotate every credential issued during March.
Affected
Organizations using Checkmarx KICS or AST GitHub Action versions pulled between 12:58 and 16:50 UTC on March 23. Checkmarx Open VSX extensions ast-results 2.53.0 and cx-dev-assist 1.7.0. Any environment where Checkmarx-issued API keys reach cloud accounts, repos, or CI/CD secret stores - those credentials may be in the leak.
Fix
Rotate every credential, API key, and integration token that touched Checkmarx tooling in March. Audit GitHub Actions logs for outbound traffic to checkmarx[.]zone or audit.checkmarx.cx. Pin GitHub Actions to immutable commit SHAs rather than version tags. Treat any Checkmarx-issued auth token from March as burned and reissue. Watch for follow-up phishing referencing real Checkmarx employees.

'Shai-Hulud: The Third Coming' worm pivots from Checkmarx KICS compromise into Bitwarden CLI, stealing SSH keys, cloud secrets, and MCP configs for AI coding tools

TeamPCP's self-propagating supply-chain worm is back in its third iteration, branded 'Shai-Hulud: The Third Coming' in hard-coded strings across the malware. On April 22, Socket reported Checkmarx's official KICS Docker images and a KICS VS Code / Open VSX extension had been trojanized. Bitwarden's own clients repo runs a Checkmarx scan on every pull request via a pull_request_target workflow that holds id-token: write and fetches credentials from Azure Key Vault, so when the poisoned scanner executed it harvested GitHub OIDC and Azure tokens. At 17:57 ET the same day, attackers used those tokens to push a modified publish-cli.yml to the Bitwarden repo and publish a malicious @bitwarden/cli version 2026.4.0 to npm. The package remained live for 93 minutes until Bitwarden pulled it at 19:30 ET. The payload: a 10MB obfuscated credential harvester that grabs SSH keys, cloud provider credentials, npm publish tokens, GitHub tokens, and - new in this variant - MCP (Model Context Protocol) configuration files used by Claude Code, Cursor, and similar AI coding tools. It then self-propagates by republishing into every npm package the victim can modify and uploads encrypted stolen secrets to public GitHub repositories under Dune-themed names. The worm has a Russian-locale kill switch (exits if LC_ALL/LANG starts with 'ru').

Check
Immediately check every CI/CD runner, developer laptop, and container that pulled Checkmarx KICS Docker images, the KICS GitHub Action, or @bitwarden/cli between March 23 and April 23, and rotate every credential that was ever present on those machines.
Affected
Confirmed malicious artifacts per Socket: @bitwarden/cli 2026.4.0 on npm (live 21:57 to 23:30 UTC on April 22, a 93 minute window); compromised Checkmarx KICS Docker images and GitHub Actions (first compromised March 23, re-compromised April 22); two Checkmarx-published Visual Studio Code and Open VSX extensions. Any npm package subsequently republished by a victim whose npm token this worm captured is also potentially malicious.
Fix
Remove the listed versions from all developer environments, CI runners, and private mirrors. Rotate every credential the worm would have seen: GitHub PATs and OIDC tokens, npm publish tokens, cloud provider keys (AWS/GCP/Azure), SSH keys, Azure Key Vault secrets, container registry creds, and MCP config files for AI coding tools - assume every credential stored in ~/.config, ~/.ssh, or exported to CI env is burned. Audit bitwarden/clients commit history for changes to publish-cli.yml and similar pipeline files around April 22. Search public GitHub for repositories named after Dune terms (beautifulcastle-* pattern) to find whether your stolen data has been published. Tighten pull_request_target triggers on security scanners - they should not have id-token: write permission.
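Two of the fixes above (pinning GitHub Actions to commit SHAs, and keeping id-token: write away from pull_request_target workflows) can be checked mechanically. The following is an added example, not code from any of the summarized articles: a line-based heuristic audit of a workflow file's text, with constructed sample workflows and hypothetical action and registry names.

```python
import re

SHA_RE = re.compile(r"[0-9a-f]{40}")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s]+)")
PRT_RE = re.compile(r"^\s*(?:on:.*\bpull_request_target\b|-?\s*pull_request_target\s*:?\s*$)")
OIDC_RE = re.compile(r"^\s*id-token:\s*['\"]?write\b")

def audit_workflow(text):
    """Return sorted (line_no, rule, detail) findings for one workflow file."""
    findings, oidc_lines, has_prt = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw)        # drop YAML comments
        if PRT_RE.match(line):
            has_prt = True
        if OIDC_RE.match(line):
            oidc_lines.append(no)
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("./"):                   # local action, nothing to pin
            continue
        if target.startswith("docker://"):            # images pin by digest
            pinned = "@sha256:" in target
        else:                                         # actions pin by 40-hex commit SHA
            pinned = bool(SHA_RE.fullmatch(target.rpartition("@")[2]))
        if not pinned:
            findings.append((no, "unpinned-action", target))
    if has_prt:                                       # OIDC only matters with the risky trigger
        findings += [(n, "prt-with-oidc", "id-token: write") for n in oidc_lines]
    return sorted(findings)

# Constructed sample workflow; all action and registry names are hypothetical.
RISKY = """\
on:
  pull_request_target:
permissions:
  contents: read
  id-token: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-action@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: example-org/scanner-action@v2
      - uses: docker://registry.example.invalid/scanner:latest
"""
# Hardened variant of the same constructed workflow (placeholder SHA and digest).
HARDENED = (RISKY.replace("pull_request_target", "pull_request")
            .replace("  id-token: write\n", "").replace("@v2", "@" + "a" * 40)
            .replace(":latest", "@sha256:" + "b" * 64))
```

Because it matches lines rather than parsing YAML, treat a clean result as a first pass and review job-level permissions blocks by hand.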

TeamPCP's 9-day supply chain rampage - Trivy to LiteLLM to Checkmarx to Telnyx

One group, four major compromises, nine days. TeamPCP started by backdooring Aqua Security's Trivy vulnerability scanner on March 19 - then used the stolen CI/CD credentials to poison LiteLLM, Checkmarx tools, and Telnyx one after another. Each compromised tool handed them the keys to the next target. They've now partnered with the Vect ransomware gang to turn stolen access into extortion.

Check
Audit any CI/CD pipeline that used Trivy, LiteLLM, or Telnyx between March 19 and March 27.
Affected
Trivy (compromised tags March 19), LiteLLM 1.82.7-1.82.8, Checkmarx KICS GitHub Actions (March 23), Telnyx 4.87.1-4.87.2.
Fix
Pin all open-source dependencies to exact versions. Rotate all credentials exposed in affected pipelines. Treat affected environments as fully compromised.