Official CheckMarx Jenkins package compromised with infostealer

Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been ...
ZDNet

Security flaws in 100+ Jenkins plugins put enterprise networks at risk

A security researcher has found and reported security flaws in more than 100 different Jenkins plugins over the last 18 months, and despite efforts to notify developers, many of these plugins have not ...
SecurityWeek

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

Checkmarx warned that a malicious version of its Jenkins AST plugin was published in a software supply chain attack.
The Hacker News

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

TeamPCP compromised a Checkmarx Jenkins plugin in 2026, exposing supply chain security gaps and credential risks.
Bleeping Computer

Jenkins discloses dozens of zero-day bugs in multiple plugins

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be ...
TheServerSide

Don't let plugins open up more Jenkins vulnerabilities

With every new software development project, there comes the reality that new bugs may be introduced into the system, especially when that new project integrates with a number of other important ...
TheServerSide

Manage Jenkins vulnerabilities via Security Advisory page

Despite your best attempts, security vulnerabilities will undoubtedly pop up in your Jenkins automation server. Hackers will target these weak areas to gain access and do damage to your system. If you ...