Advertisement
SU
HIGH
Supply Chain
TeamPCP Jenkins Plugin Compromise and Mini Shai-Hulud Worm Analysis
TeamPCP escalates its supply chain campaign with a confirmed Jenkins plugin compromise and a self-spreading worm targeting the npm and PyPI ecosystems.
Runtime Rebel Intel
3 min read·May 18, 2026
SU
HIGH
Supply Chain
Compromised Checkmarx Jenkins Plugin Spreads Infostealer
Official Checkmarx Jenkins AST plugin version 2023.2.7 was compromised with an infostealer, risking credentials and system data. Immediate uninstallation and credential
Runtime Rebel Intel
4 min read·May 12, 2026
CRITICAL
Supply Chain
Checkmarx Jenkins AST Plugin Compromised in TeamPCP Attack
TeamPCP compromised the Checkmarx Jenkins AST plugin on the Jenkins Marketplace. Defenders must revert to version 2.0.13 to secure CI/CD pipelines.
Runtime Rebel Intel
3 min read·May 11, 2026