Tag: checkmarx
9 articles

Vulnerable Code Proliferates as AI Exploits Rise in Supply Chains
The alarming truth is that 75% of organizations are knowingly shipping vulnerable code, despite the risks, with the window from disclosure to exploit shrinking dramatically from 840 days in 2018 to just under two days today. This trend is expected to accelerate, with exploits potentially available in as little as one minute by 2028.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack
A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

TeamPCP Breaches Checkmarx Jenkins Plugin Again
If you're using the Checkmarx Jenkins AST plugin, make sure you're on a safe footing by using version 2.0.13-829.vc72453fa_1c16 or earlier, published on December 17, 2025, as newer versions may be vulnerable. Checkmarx has since released a patched version, 2.0.13-848.v76e89de8a_053, available on GitHub and the Jenkins Marketplace.

Checkmarx Plugin Sabotaged in Fresh TeamPCP Intrusion
Checkmarx issued a warning on May 9, 2026, that a tampered version of its Jenkins AST plugin had been released on the Jenkins Marketplace, posing a risk to continuous-integration pipelines. The company quickly responded by urging customers to update to a trusted version, 2.0.13-829.vc72453fa_1c16, to safeguard their systems.

Checkmarx GitHub Data Leaked by LAPSUS$ Hackers
Checkmarx confirmed that hackers from the LAPSUS$ group breached its GitHub repository on March 23, 2026, and published stolen data on April 22, after a series of supply-chain and credential-theft events. The attackers used the access to publish malicious code to certain artifacts, compromising the integrity of Checkmarx's software development process.

Supply-Chain Attack Targets Security, Dev Tools with Credential Theft
Malicious hackers are exploiting the very tools developers rely on, including security scanners and password managers, to steal sensitive credentials and gain unauthorized access. This latest supply-chain attack has already hit major players like Checkmarx, compromising their GitHub repository and potentially putting customer data at risk.

Checkmarx Breach Exposes GitHub Repository Data on Dark Web
Checkmarx revealed that a security breach, linked to a March 23 supply chain attack, exposed sensitive GitHub repository data, which has now surfaced on the dark web. The incident has been contained, with no customer data compromised, as the affected repository was separate from Checkmarx's customer production environment.

Bitwarden CLI Compromised in Checkmarx Supply Chain Attack
A rogue version of the Bitwarden CLI package, identified as @bitwarden/cli@2026.4.0, was compromised in a supply chain attack, stealing sensitive data like GitHub tokens and cloud secrets. The malicious code, hidden in a file called bw1.js, has already been distributed to users, putting their security at risk.

Malicious Docker Images Compromise Checkmarx Supply Chain
Malicious Docker images compromised the Checkmarx supply chain by embedding a tampered KICS binary that secretly collected and sent sensitive data to an external endpoint. This sneaky data-exfiltration risk put users at risk, thanks to an altered scan report generated by the poisoned image.