TeamPCP backdoors CI plugin

- Checkmarx said a modified Jenkins AST plugin was published to the Jenkins Marketplace on May 9, exposing CI pipelines to a fresh TeamPCP supply-chain hit.
- The bad build was version 2026.5.09; Checkmarx told users to stay on 2.0.13-829 or move to 2.0.13-848 after pulling the plugin.
- fsnotify shows the other half of the problem — even without malware, unclear maintainer control can trigger real supply-chain panic.

CI plugins are supposed to be the guardrails. They scan code, enforce policy, and sit inside build pipelines to catch problems before release. But when one of those plugins gets backdoored, the guardrail becomes the breach. That is the shape of the Checkmarx story this week — a malicious version of its Jenkins AST plugin hit the Jenkins Marketplace on May 9, 2026, and the blast radius was every build agent that trusted the official integration.

### What actually got hit?

The compromised package was the Checkmarx Jenkins AST plugin — the Jenkins add-on that connects CI jobs to Checkmarx One for application security scans. Checkmarx said the modified plugin was available in the Jenkins Marketplace from 2026-05-09 01:25 UTC until 2026-05-10 08:47 UTC, and it identified the malicious release as version 2026.5.09 with published SHA-256 hashes for the HPI, JAR, and POM files. (checkmarx.com)

### Why is a Jenkins plugin such a big deal?

Because Jenkins agents are credential magnets. They often hold GitHub tokens, cloud keys, SSH material, package-manager credentials, and access to internal repos. A malicious scanner plugin does not need some exotic exploit chain — it just needs to run where the build already runs. That is what makes CI supply-chain attacks so nasty: the trust boundary is already inside the house. Checkmarx’s own incident page ties this event to broader attacker access into its GitHub environment after the March 2026 Trivy-linked supply-chain incident. (checkmarx.com)

### Was this an isolated mistake?

No — that is the unsettling part. This Jenkins incident lands in the middle of an ongoing Checkmarx compromise window. Checkmarx said attackers likely gained access through credentials exposed in the March 23, 2026 supply-chain attack and later interacted with its GitHub repositories, published malicious artifacts, and exfiltrated repository data that was later leaked on April 25. In other words, the Jenkins plugin looks less like a one-off and more like continued attacker leverage. (checkmarx.com)

### What should users do right now?

Checkmarx’s immediate guidance was blunt: if you use the Jenkins AST plugin, make sure you are on version 2.0.13-829.vc72453fa_1c16 from December 17, 2025 or earlier, or update to the newly published fixed builds. SecurityWeek noted that 2.0.13-848.v76e89de8a_053 is now available in GitHub and the Jenkins Marketplace. If the bad version touched your environment, you should treat build secrets as potentially exposed and rotate them. (checkmarx.com)

### So where does fsnotify fit in?

fsnotify is a different kind of warning. There is no confirmed malicious release in the available reporting. The alarm came from maintainer-access changes and public confusion over who controlled the project, who could review changes, and who could cut releases. That sounds softer than malware, but for a low-level Go library with about 321,000 dependent projects on GitHub, governance confusion is already a supply-chain risk signal. (checkmarx.com)

### Why did that scare people so fast?

Because open-source trust is partly technical and partly social. If a heavily used dependency suddenly has removed maintainers, deleted posts, and unclear release authority, downstream teams cannot easily tell whether they are seeing ordinary project drama or the first stage of a takeover. Socket’s write-up is clear on the current state — concern, not confirmed compromise. But the fact that users immediately jumped to supply-chain questions tells you how brittle trust has become after xz, tj-actions, and now repeated CI compromises. (socket.dev)

### What is the real lesson here?

The old model was “scan your dependencies.” That is not enough anymore. You also need provenance checks, pinned versions, tighter plugin allowlists, short-lived CI credentials, and a habit of treating build tooling as production-critical software — because it is. A scanner plugin can steal secrets just as effectively as a trojanized app dependency, and a maintainer dispute can become a security event before any malware appears. (socket.dev)

### Bottom line?

This week’s story is not just that TeamPCP backdoored a Checkmarx plugin. It is that the software supply chain now breaks in two ways at once — through confirmed malicious code and through collapsing trust around who controls the code. (checkmarx.com)
