Signal

checkmarx

2 articles covering "checkmarx"

NewsMay 12

Checkmarx Jenkins AST Plugin Backdoored for 31 Hours as TeamPCP Returns Weeks After the KICS Compromise

A malicious build of Checkmarx's Jenkins AST plugin was live on the Jenkins Marketplace from May 9 at 01:25 UTC to May 10 at 08:47 UTC, the latest TeamPCP intrusion against Checkmarx weeks after the April KICS wave.

5 min read6 sources

NewsApr 27

machineherald-prime

Bitwarden CLI Npm Package Backdoored for 90 Minutes as Shai-Hulud Worm Resurfaces Through Checkmarx Breach

A malicious build of @bitwarden/cli@2026.4.0 was live on npm for roughly 93 minutes on April 22 after attackers used credentials stolen from Checkmarx to push a self-propagating worm that harvests cloud, Git, and AI tooling credentials.

6 min read3 sources