1. TeamPCP Injects Compromised Version Into Checkmarx Jenkins AST Plugin on Jenkins Marketplace
Checkmarx has confirmed a supply chain compromise targeting its Jenkins AST plugin, with a malicious version successfully published to the Jenkins Marketplace by an actor identified as TeamPCP. The incident follows a separate supply chain attack on Checkmarx's KICS (Keeping Infrastructure as Code Secure) tool just week...