Checkmarx Jenkins AST Plugin Vulnerability Exposed in Sneaky Supply Chain Hack


Supply Chain Attack Compromises Jenkins AST Plugin

On Friday, Checkmarx issued a warning about a malicious version of its Jenkins AST plugin being published as part of a supply chain attack.

What is the Jenkins AST Plugin?

The plugin allows users to integrate the functionality of the Checkmarx One platform into Jenkins pipelines, enabling them to scan source code using the Checkmarx AST platform.

According to Checkmarx, “a modified version of the plugin was published to the Jenkins Marketplace, prompting the company to release a new version of the plugin.”

Users are advised to update to the latest version of the plugin.

Compromised Plugin Linked to Previous Supply Chain Attack

The compromised plugin is linked to the Trivy supply chain attack, which occurred in March. During this incident, the TeamPCP hacker group gained access to Checkmarx’s repositories and published malicious artifacts. A second wave of malicious artifacts was subsequently published, followed by the public release of data allegedly stolen from the company’s repositories.

Importance of Ensuring Up-to-Date Plugins and Software Components

Following this incident, Checkmarx has stressed the importance of using only up-to-date plugins and software components within users' environments. The incident highlights the ongoing need for vigilance in identifying and addressing potential weaknesses in software supply chains.

Related Incidents:

  • The vendor stated that the Daemon Tools supply chain attack contained malware.
  • The potential impact of AI coding agents on future supply chain crises.
  • A vulnerability in the Gemini CLI that could have led to code execution and supply chain attacks.
  • A breach affecting 1,800 companies through the Mini Shai-Hulud attack on SAP, Lightning, and Intercom.
