A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was quietly published to the Jenkins Marketplace, exposing development pipelines to credential theft and unauthorized access. […]
The post TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack appeared first on Cyber Security News.