Compromise of Checkmarx Jenkins AST Plugin by TeamPCP (Campaign)

Attackers identified as TeamPCP compromised internal resources and publishing credentials to distribute a malicious update to the Checkmarx AST Scanner Jenkins Plugin via the official channel; the update contained a backdoored cli.js that exfiltrated Jenkins credentials, and attackers temporarily controlled a related GitHub repository exposing sensitive data (including a revoked PAT).