Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain

TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; update to 2.0.13-848 immediately.

    Checkmarx warned on May 11, 2026 that the threat group TeamPCP published a backdoored version of its Jenkins AST plugin to the Jenkins Marketplace — the third wave in an ongoing supply chain campaign against Checkmarx developer tooling that began when the group first breached Checkmarx source code repositories in March 2026.

    TeamPCP’s Three-Wave Campaign: From Trivy to KICS to the Jenkins AST Plugin

    The Checkmarx Jenkins AST scanner plugin integrates the Checkmarx One Static Application Security Testing (SAST) platform directly into Jenkins CI/CD pipelines, enabling automated security analysis of source code during build processes. Jenkins instances that pulled plugin version 2026.5.09 during the exposure window installed a backdoored copy with an unknown payload — giving the attacker privileged access to a component that runs with elevated permissions across all repositories in the affected CI/CD pipeline.

    TeamPCP first breached Checkmarx’s source code repositories in late March 2026 during the broader Trivy open-source scanner supply chain incident. The access obtained during that initial breach included repository credentials that the group subsequently used for sustained follow-on attacks. In April, TeamPCP used those credentials to publish malicious KICS (Keeping Infrastructure as Code Secure) Docker images and Visual Studio Code extensions through Checkmarx-affiliated channels.

    The May 11 Jenkins plugin compromise represents the third documented attack wave, suggesting that despite two prior rounds of remediation activity by Checkmarx, TeamPCP retained sufficient access to publish malicious artifacts to the Jenkins Marketplace. Checkmarx released a clean replacement version — 2.0.13-848.v76e89de8a_053 — on the same day as the disclosure.

    Why the Checkmarx Jenkins AST Plugin Was TeamPCP’s Highest-Value Target

    Security scanners installed in CI/CD pipelines occupy a privileged position in the software development lifecycle. A SAST plugin runs with the permissions of the CI/CD build agent, processes every file in every repository that passes through the pipeline, and operates under the implicit trust that organizations extend to security infrastructure. The Checkmarx AST plugin is specifically designed to access source code — the most sensitive intellectual property in a software development environment — making it an ideal vessel for exfiltration.

    Any Jenkins instance running the compromised version 2026.5.09 should be treated as having potentially exposed source code from all repositories scanned during the exposure window. The arbitrary code execution capability of the backdoor means that credential files, secrets stored in build environments, and downstream deployment infrastructure accessible from the build agent should also be included in a compromise assessment.

    TeamPCP’s Connection to the PCPJack Cloud Worm and Wider Threat Operations

    TeamPCP has been linked by security researchers to the PCPJack cloud credential-harvesting worm, a framework that also actively removes competing infections from the cloud systems it compromises. That behavior points to a profit-focused operation treating compromised infrastructure as a managed resource rather than a one-time exploitation opportunity: evicting other malware from compromised hosts to maintain exclusive access is characteristic of financially motivated criminal groups that view cloud and developer infrastructure as a revenue-generating asset.

    Checkmarx Customers Should Audit Build Logs From the May 11 Exposure Window

    Organizations using Checkmarx in Jenkins CI/CD pipelines should immediately update to version 2.0.13-848.v76e89de8a_053 and confirm the installed version through the Jenkins plugin manager on every controller, not only the ones that auto-update. Beyond the update, Checkmarx and security researchers advise treating the May 11 exposure window as a potential source code disclosure event, auditing Jenkins build logs for any unexpected network connections or file access patterns originating from the plugin, and rotating credentials and secrets stored in build environments accessible to the Checkmarx plugin.

    Remediating a supply chain compromise requires comprehensive revocation of all credentials and access tokens exposed during the initial breach, not only those used in the most recently observed attack — all three TeamPCP waves drew on the same March credentials despite two prior rounds of Checkmarx remediation.
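The inventory check described above, as an added example that is not part of the original article or of Checkmarx's tooling: it parses the JSON that the Jenkins plugin manager API returns (GET /pluginManager/api/json?depth=1) for each controller and reports which ones still carry the compromised build. The plugin shortName "checkmarx-ast-scanner" and the sample responses are assumptions constructed for the example.

```python
"""Flag Jenkins controllers still running the backdoored Checkmarx AST plugin.

Input is the JSON body of the Jenkins plugin manager API
(GET /pluginManager/api/json?depth=1), one body per controller.
"""
import json

COMPROMISED_VERSION = "2026.5.09"              # backdoored build named in the advisory
FIXED_VERSION = "2.0.13-848.v76e89de8a_053"    # clean replacement named in the advisory
PLUGIN_ID = "checkmarx-ast-scanner"            # ASSUMPTION: the plugin's Jenkins shortName


def classify_controller(plugin_manager_json: str) -> str:
    """Return 'absent', 'compromised', 'fixed' or 'review' for one controller."""
    plugins = json.loads(plugin_manager_json).get("plugins", [])
    for plugin in plugins:
        if plugin.get("shortName") != PLUGIN_ID:
            continue
        version = str(plugin.get("version", ""))
        if version == COMPROMISED_VERSION:
            return "compromised"
        if version == FIXED_VERSION:
            return "fixed"
        # Any other version either predates the fix or came from an unknown
        # source; given the exposure window it still deserves a manual look.
        return "review"
    return "absent"


def build_report(controllers: dict[str, str]) -> dict[str, list[str]]:
    """Group controller names by status so the compromised ones stand out."""
    report: dict[str, list[str]] = {"compromised": [], "fixed": [], "review": [], "absent": []}
    for name, raw_json in controllers.items():
        report[classify_controller(raw_json)].append(name)
    return report


# Constructed sample responses, not captured from any real Jenkins instance.
SAMPLE_CONTROLLERS = {
    "build-01": json.dumps({"plugins": [
        {"shortName": PLUGIN_ID, "version": COMPROMISED_VERSION, "active": True}]}),
    "build-02": json.dumps({"plugins": [
        {"shortName": PLUGIN_ID, "version": FIXED_VERSION, "active": True}]}),
    "build-03": json.dumps({"plugins": [
        {"shortName": PLUGIN_ID, "version": "2.0.12", "active": True}]}),
    "build-04": json.dumps({"plugins": [
        {"shortName": "git", "version": "5.2.1", "active": True}]}),
}

if __name__ == "__main__":
    for status, names in build_report(SAMPLE_CONTROLLERS).items():
        print(f"{status:12s} {', '.join(names) or '-'}")
```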
