SITREP: Checkmarx has confirmed a compromise of its Jenkins AST plugin, with a modified version published to the Jenkins Marketplace. Users are advised to revert to version 2.0.13-829.vc72453fa_1c16 or earlier to mitigate risks.

TACTICAL ASSESSMENT: This incident follows a recent supply chain attack on KICS, indicating a potential trend of targeted attacks on software supply chains. The compromise of widely used plugins could lead to broader vulnerabilities across multiple organizations utilizing Jenkins.

PROJECTED VECTORS: Further exploitation of compromised plugins may occur, leading to additional supply chain attacks or data breaches.
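
To act on the revert advice across several controllers, the check below flags any installed copy of the plugin that is newer than the advised version. It is an added example, not Checkmarx or Jenkins code. It assumes the plugin short name `checkmarx-ast-scanner`, an inventory of `<controller> <plugin>:<version>` lines, and that versions order by release number and then commit count.

```python
import re

LAST_GOOD = "2.0.13-829.vc72453fa_1c16"   # from the advisory: this version or earlier
PLUGIN_ID = "checkmarx-ast-scanner"       # assumption: plugin short name in your inventory

# Jenkins CD-style version: <release>-<commit count>.v<abbreviated hash>
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)\.v[0-9a-f_]+$")


def version_key(version):
    """Sortable key ((release parts), commit_count), or None if the format is unknown."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))


def classify(version, last_good=LAST_GOOD):
    """Return 'ok', 'revert' (newer than last_good) or 'review' (cannot decide)."""
    key, good = version_key(version), version_key(last_good)
    if key is None:
        return "review"                      # fail closed on unparseable versions
    if key == good and version.strip() != last_good:
        return "review"                      # same release and count, different hash
    return "ok" if key <= good else "revert"


def audit(inventory, plugin_id=PLUGIN_ID):
    """Parse '<controller> <plugin>:<version>' lines; return findings for plugin_id."""
    findings = []
    for line in inventory.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        controller, _, spec = line.partition(" ")
        name, _, version = spec.strip().partition(":")
        if name == plugin_id:
            findings.append((controller, version, classify(version)))
    return findings


# Constructed inventory: controller names and every version except LAST_GOOD are made up.
SAMPLE = """\
ci-prod checkmarx-ast-scanner:2.0.13-829.vc72453fa_1c16
ci-dev  checkmarx-ast-scanner:2.0.13-901.v0123456789ab
ci-old  checkmarx-ast-scanner:2.0.9-410.vabcdef012345
ci-lab  checkmarx-ast-scanner:latest
ci-prod git:5.2.0
"""

if __name__ == "__main__":
    for controller, version, verdict in audit(SAMPLE):
        print(f"{controller:8} {version:30} {verdict}")
```

A `review` verdict means the version string could not be ordered against the advised one, or matches its release and commit count with a different hash, and needs a manual look.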