TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Overview

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below - checkmarx/ast-github-action checkmarx/kics-github-action Cloud security

Organisations Involved

The following organisations are mentioned in relation to this incident: Actions Using Stolen, Credentials
Two, GitHub, Hacks Checkmarx.

Multi-Source Coverage

This event has been reported across multiple outlets:

• TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials — thehackernews

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.