Official Checkmarx Jenkins package compromised with infostealer

TELEMETRY SUMMARY DECRYPTION

SITREP: Checkmarx has reported that a compromised version of its Jenkins Application Security Testing plugin was published on the Jenkins Marketplace. This rogue plugin is associated with an infostealer malware.

TACTICAL ASSESSMENT: The incident highlights vulnerabilities in software supply chains, particularly in widely used development tools. This breach could undermine trust in the Jenkins ecosystem and potentially expose sensitive data for organizations utilizing the compromised plugin.

PROJECTED VECTORS: Further investigations may reveal additional compromised plugins or similar threats targeting other software development tools.

SAT-COM 4 | LAT: 45.192 | LON: 34.021 | UTC: 2026-05-11

Event Telemetry

STATUS IDENTIFIER: NORMAL TRAFFIC
ORIGIN DESK: CYBER
ACQUISITION TIME: 05/11 22:39 ZULU
AUTHOR: SYSTEM.AUTO[992]