Security Stuff

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack



Cybersecurity firm Checkmarx has warned that a malicious version of its Jenkins AST plugin was published to the Jenkins Marketplace as part of an ongoing supply chain attack. The incident stems from a security breach that began in March, when the TeamPCP hacker gang accessed Checkmarx's repositories through a separate Trivy supply chain attack, and was later followed by data exposure from the Lapsus$ extortion group. Checkmarx has since released an updated, clean version of the plugin and is urging users to ensure they're running the latest secure iteration available on both GitHub and the Jenkins Marketplace.

Security Stuff, by David