Checkmarx vs TeamPCP
TeamPCP repeatedly compromised Checkmarx-controlled developer tooling in 2026, including GitHub Actions, OpenVSX extensions, Docker images, VS Code extensions, and the Jenkins AST Scanner plugin.
Story
The 2026 Checkmarx incidents were not one bad build. TeamPCP returned across several months and several trusted developer channels, repeatedly targeting security tooling that naturally runs next to source code, CI secrets, cloud credentials, and deployment material.
The first public wave landed on March 23. Malicious OpenVSX extensions and altered GitHub Actions tags put attacker code into IDE and CI paths that users expected to be Checkmarx-controlled. The payloads searched runners and developer machines for credentials, process environments, SSH material, cloud metadata, Kubernetes tokens, and other secrets that a scanner is unusually well positioned to see.
The April wave widened the same pattern. Checkmarx reported malicious artifacts in a public KICS DockerHub image, the AST GitHub Action, and both the VS Code Marketplace and OpenVSX IDE-extension channels. The exposure windows differed by channel, which is why the linked records stay separated by date and distribution boundary instead of being collapsed into one artifact list.
The May compromise moved into Jenkins. A backdoored Checkmarx AST Scanner plugin reached the Jenkins Marketplace as version 2026.5.09, putting the attack inside build controllers that often hold long-lived credentials and deployment authority. Public reporting also described TeamPCP taunts on the plugin repository, matching the actor's habit of pairing access with public pressure.
This campaign record ties together the repeated actor, the recurring credential-hunting payload pattern, the shared infrastructure, and the Checkmarx trust surface. The individual attack records remain the operational unit for defenders: the March GitHub Actions and OpenVSX extensions, the April scanner images and IDE channels, and the May Jenkins plugin compromise each require a different inventory query and a different cleanup path.
Linked Attacks
2026
A malicious 2026.5.09 Checkmarx AST Scanner release reached the Jenkins Marketplace. The plugin put CI systems at risk by running attacker code inside trusted build infrastructure.
A second Checkmarx wave hit DockerHub, GitHub Actions, VS Code Marketplace, and OpenVSX. The affected artifacts again put developer and CI credentials at risk.
TeamPCP poisoned Checkmarx GitHub Actions and OpenVSX extensions. The payload hunted CI, cloud, SSH, Kubernetes, and developer credentials from trusted scanning tools.
Campaign Context
- Actor
- TeamPCP
- Attribution
- Group
- Cause
- Unknown
Affected Packages
- checkmarx/ast-github-action 2.3.32
- checkmarx/kics-github-action
- checkmarx.ast-results 2.53.0
- checkmarx.cx-dev-assist 1.7.0
- checkmarx/ast-github-action 2.3.35
- checkmarx/kics v2.1.20-debian, v2.1.21-debian, v2.1.21, +1
- checkmarx.ast-results 2.63, 2.66
- checkmarx.cx-dev-assist 1.17, 1.19
- checkmarx-ast-scanner 2026.5.09
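The list above is the input a defender actually needs: one inventory query per distribution channel, matched against the named versions. The following script is an added example written for this page, not Checkmarx code and not the page's source record. The affected-artifact table is copied from the Affected Packages list; the sample workflow, image list, extension list and plugin list are constructed, and the inventory formats they assume (workflow `uses:` lines, `image:tag` lines, `code --list-extensions --show-versions` output, a Jenkins `id:version` plugin list) are assumptions. Two caveats are built in: `checkmarx/kics-github-action` is listed without a version, and the StepSecurity report says all of its git tags were altered, so any reference to it is flagged; and the `+1` image tag the page leaves unnamed is not guessed, so the Docker entry is known to be incomplete.

```python
"""Added example: match CI and developer inventories against the artifacts
named on this page. Sample inventories below are constructed, not real."""
import re
from dataclasses import dataclass

# Copied from the page's Affected Packages list. An empty version set means
# every reference is flagged (kics-github-action: all tags reported altered).
# The page's unnamed "+1" kics image tag is deliberately NOT filled in.
AFFECTED = {
    "github_action": {"checkmarx/ast-github-action": {"2.3.32", "2.3.35"},
                      "checkmarx/kics-github-action": set()},
    "docker": {"checkmarx/kics": {"v2.1.20-debian", "v2.1.21-debian", "v2.1.21"}},
    "vscode": {"checkmarx.ast-results": {"2.53.0", "2.63", "2.66"},
               "checkmarx.cx-dev-assist": {"1.7.0", "1.17", "1.19"}},
    "jenkins": {"checkmarx-ast-scanner": {"2026.5.09"}},
}

@dataclass(frozen=True)
class Finding:
    channel: str
    name: str
    version: str
    source: str  # "<file>:<line>" where the reference was found

def version_matches(listed: str, installed: str) -> bool:
    """Exact match, or installed differs only by trailing zero components.
    Assumption: the page abbreviates '2.63.0' as '2.63'."""
    if installed == listed:
        return True
    tail = installed[len(listed) + 1:]
    return installed.startswith(listed + ".") and set(tail) <= {"0", "."}

def is_affected(channel: str, name: str, version: str) -> bool:
    versions = AFFECTED.get(channel, {}).get(name)
    if versions is None:
        return False      # artifact not on the list
    if not versions:
        return True       # listed without a version: every ref counts
    return any(version_matches(v, version) for v in versions)

# One line-oriented pattern per assumed inventory format.
PATTERNS = {
    "github_action": re.compile(r"uses:\s*([\w.-]+/[\w.-]+)@(\S+)"),
    "docker": re.compile(r"^([\w.-]+/[\w.-]+):(\S+)$"),
    "vscode": re.compile(r"^([\w-]+\.[\w-]+)@(\S+)$"),
    "jenkins": re.compile(r"^([\w-]+):(\S+)$"),
}

def scan(channel: str, text: str, source: str) -> list[Finding]:
    pattern, findings = PATTERNS[channel], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = pattern.search(line.strip())
        if m and is_affected(channel, m.group(1), m.group(2)):
            findings.append(Finding(channel, m.group(1), m.group(2), f"{source}:{lineno}"))
    return findings

def unpinned_actions(workflow: str) -> list[tuple[str, str]]:
    """Actions referenced by tag or branch instead of a 40-hex commit SHA.
    Tag matching alone is weak for this campaign: the page says the March
    tags were altered in place, so a familiar tag can resolve to bad code."""
    return [(m.group(1), m.group(2))
            for m in PATTERNS["github_action"].finditer(workflow)
            if not re.fullmatch(r"[0-9a-f]{40}", m.group(2))]

# Constructed sample inventories (not real systems).
WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/ast-github-action@2.3.35
      - uses: checkmarx/kics-github-action@v2
"""
IMAGES = "checkmarx/kics:v2.1.21-debian\ncheckmarx/kics:v2.1.19\nlibrary/alpine:3.20\n"
EXTENSIONS = "checkmarx.ast-results@2.63.0\ncheckmarx.cx-dev-assist@1.18.0\nms-python.python@2024.22.0\n"
PLUGINS = "checkmarx-ast-scanner:2026.5.09\ngit:5.2.2\n"

def run_inventory() -> list[Finding]:
    return (scan("github_action", WORKFLOW, "scan.yml")
            + scan("docker", IMAGES, "images.txt")
            + scan("vscode", EXTENSIONS, "extensions.txt")
            + scan("jenkins", PLUGINS, "plugins.txt"))

if __name__ == "__main__":
    for f in run_inventory():
        print(f"{f.channel:14} {f.name}@{f.version}  ({f.source})")
    print("unpinned actions:", unpinned_actions(WORKFLOW))
```

A hit from `run_inventory()` is an exposure candidate, not proof of execution; the cleanup path differs per channel, and secrets reachable from the host that ran the artifact (runner environment, SSH keys, cloud and Kubernetes tokens) should be rotated on the assumption they were read. A miss on the Docker channel is not a clean bill of health, because the page does not name every affected tag.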
Notes
- This campaign intentionally spans multiple months. The linked attacks remain separate because the compromised distribution channels and response timelines differed.
External References
- Update: Ongoing Checkmarx Supply Chain Security Incident (checkmarx.com)
- Update: Ongoing Checkmarx Supply Chain Security Incident (checkmarx.com)
- KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack (wiz.io)
- Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags (stepsecurity.io)
- Update: Ongoing Checkmarx Supply Chain Security Incident (checkmarx.com)
- Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack (socradar.io)
- Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged (theregister.com)
- Checkmarx AST Scanner Jenkins Update Metadata (updates.jenkins.io)
- Checkmarx AST Scanner Jenkins Plugin Releases (plugins.jenkins.io)
Source record: proprietary/campaigns/checkmarx-vs-teampcp-2026/meta.yaml