Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack
TeamPCP has been found backdooring the Checkmarx Jenkins plugin in a new supply chain attack.
SOCRadar security researchers have been tracking this activity and have included their analysis in a new post Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack:
- They’re seeing Checkmarx hit twice in weeks, and the attacker confirmed why in their own defacement note: incomplete secret rotation after March. This isn’t bad luck, it’s an unfinished remediation.
- The researchers' broader concern is CI/CD pipelines as a category. Build environments are routinely underprotected despite holding credentials that unlock everything in production. A backdoored security scanner is the worst-case version of that blind spot.
- SOCRadar researchers are also reading TeamPCP’s activity across PyPI, npm, GitHub Actions, and now Jenkins as a coordinated sweep, not isolated incidents. And if you’re hunting right now, the Dune-themed repository names across their infrastructure are a concrete detection signal worth chasing.
According to SOCRadar researchers:
“What makes this particularly dangerous for Jenkins users is the trust model at play. The Checkmarx Jenkins plugin is a tool people install specifically to improve the security of their pipelines. A backdoored version doesn’t just compromise one project; it rides trusted infrastructure into every build pipeline it touches, with
The report can be found here: Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack
This entry was posted on May 11, 2026 at 3:49 pm and is filed under Commentary with tags SOCRadar. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.