TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions | Sysdig

sysdig.com

The Sysdig Threat Research Team (TRT) reveals how TeamPCP’s supply chain attack spread from Trivy to Checkmarx, reusing stolen CI/CD credentials to compromise GitHub Actions and evade traditional detection.

2 pages link to this URL

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

isc.sans.edu Jun 1, 2011

2 inbound links en

Cooldown periods for package updates

Marek Šuppa Marek Šuppa Mar 31, 2026

Personal site of Marek Šuppa — writing, teaching, and learning.

0 inbound links article en securitysupply-chainnpmpythonuvpnpmbun