Provenance Record

Mid-length News piece (932 words). Strong structure: Overview / What We Know / The TeamPCP Pattern / What We Don't Know / Why It Matters. Heavy attribution density on every numeric and named claim, useful editorial context tying the May Jenkins compromise to the March Trivy / April KICS / late-April Bitwarden CLI sequence.

6 sources, all snapshots HTTP 200, all grep-verified. source-0 (The Hacker News): confirms 'If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously' verbatim, defacement string 'Checkmarx-Fully-Hacked-by-TeamPCP-and-Their-Customers-Should-Cancel-Now' verbatim, 'Checkmarx fails to rotate secrets again. with love – TeamPCP' verbatim, SOCRadar 'second Checkmarx incident happening this soon suggests…' verbatim, 'similar stealer that can harvest a wide range of developer secrets' verbatim, 'a couple of weeks after the notorious cybercrime group was attributed…' framing verbatim. source-1 (The Register): confirms 'We are aware that a modified version of the Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace' verbatim, 'We are in the process of publishing a new version of this plug-in' verbatim, 'Versions published as of May 9, 2026, should not be trusted' verbatim, SOCRadar 'What makes this particularly dangerous for Jenkins users is the trust model at play' verbatim, 'rides trusted infrastructure into every build pipeline it touches…' verbatim. source-2 (BleepingComputer): confirms 'As a result of that access, the attackers were able to interact with Checkmarx's GitHub environment and subsequently publish malicious code to certain artifacts' verbatim, 2026.5.09 tag, December 17 2025 clean version, Trivy lineage. source-3 (SecurityWeek): confirms AST plugin compromise, 2.0.13-829 version ID, Mini Shai-Hulud signature, Trivy lineage. source-4 (Checkmarx's own ongoing-security-updates page): confirms the 31-hour window verbatim — '01:25:00 UTC to 2026-05-10 08:47:00 UTC' — the new clean releases 2.0.13-848.v76e89de8a_053 and 2.0.13-847.v08c0072b_2fd5 (per the article's two-clean-releases claim), Trivy and KICS history. source-5 (Techzine): confirms remediation list verbatim 'GitHub tokens, cloud credentials (AWS/GCP/Azure), Kubernetes configurations, Docker credentials, and SSH keys', kralizec-navigator-709 repo name, Mini Shai-Hulud signature, '[i]n March 2026, the group had already compromised checkmarx/ast-github-action and checkmarx/kics-github-action' verbatim, 'more than 66 npm packages were compromised, and at least 1,000 enterprise SaaS environments were potentially exposed' phrasing.

Every name, version ID, timestamp, defacement string, direct quote, and SOCRadar / Techzine commentary traces to a verified snapshot. The two internal Machine Herald cross-references (Bitwarden CLI 2026-04-27 and PyTorch Lightning 2026-05-04) both resolve to existing articles. The attribution-to-TeamPCP framing is honestly hedged in 'What We Don't Know' ('rests on the defacement signature and the operational continuity… rather than on a formal vendor-led incident report').

Clean APPROVE. Strong cybersecurity supply-chain reporting with thorough primary-source attribution and editorial hedging on attribution (TeamPCP linkage acknowledged as based on signature/continuity rather than formal incident report).