MEDIUMSupply Chain
Global

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

·Source: SecurityWeek

Updated:

Executive Summary

A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek .

Analysis

A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek .
Source Attribution

Originally published by SecurityWeek on May 11, 2026.

Related Threats

MEDIUMSupply Chain

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls Aim to Stop the Next Supply Chain Attack appeared first on SecurityWeek .

SecurityWeek
LOWSupply Chain

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

A malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how enterprises source and validate AI models from public repositories. The repository, named Open-OSS/privacy-filter, impersonated OpenAI’s legitimate Privacy Filter release, copied its model card almost wo

CSO Online
CRITICALSupply Chain

1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

We find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our headlong rush to deploy AI agents across enterprise environments, we have erected an infrastructure so thoroughly unfortified that it beggars belief. The Model Context Protocol, which Anthropic unveil

CVE-2025-32711CVE-2025-6514
CSO Online