thehackernews.com 5/11/2026, 7:40:35 PM · via preferred

TeamPCP Tweaks Checkmarx Jenkins Plugin After KICS Attack

Primary Source checkmarx.com

TeamPCP is behind a modified version of the Jenkins AST plugin for Checkmarx, published to the Jenkins Marketplace weeks after the KICS Docker image supply chain attack. Checkmarx warned users to ensure they are running version 2.0.13-829.vc72453fa_1c16, published on December 17, 2025, or earlier. The firm has since released 2.0.13-848.v76e89de8a_053 on GitHub and in the Jenkins Marketplace, with an incident update noting it is still publishing a new plugin version.

The development marks the latest move in a campaign attributed to TeamPCP targeting Checkmarx, following the compromise of its KICS Docker image and several other artefacts. The breach also coincided with the Bitwarden CLI npm package being briefly compromised to host credential-stealing malware. TeamPCP has been linked to breaches since March 2026 as part of a broader supply-chain campaign.

According to Adnan Khan and SOCRadar, TeamPCP gained unauthorized access to the plugin's GitHub repository and renamed it, giving it a defaced description. SOCRadar warned that the rapid re-entry attempts indicate the group is testing remediations and seeking fresh entry points.


Article by CyberSIXT
