Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

TeamPCP Supply Chain Attack Campaign Targets Trivy, Checkmarx (KICS), and LiteLLM (Potential Downstream Impact to Additional Projects)

The threat actor TeamPCP has recently launched a coordinated campaign targeting security tools and open-source developer infrastructure by pivoting with stolen CI/CD secrets and signing credentials (such as GitHub Actions tokens and release signing keys). At the time of writing, repositories for Trivy, Checkmarx, and LiteLLM have been impacted, and reports indicate that at least 1,000 enterprise software-as-a-service (SaaS) environments may be affected by this threat campaign.

Major Security Event: Supply Chain Compromise in LiteLLM Versions 1.82.7 and 1.82.8

A supply chain compromise that impacted the Python package LiteLLM, with malicious versions 1.82.7 and 1.82.8 was published to PyPI on March 24, 2026. Bitsight Threat Intelligence, public reporting and vendor disclosures indicate the malicious releases included credential harvesting, Kubernetes-focused lateral movement, and persistence mechanisms, creating serious risk for cloud-native and AI-related environments that installed or ran the affected versions.

Trivy's March Supply Chain Attack Shows Where Secret Exposure Hurts Most

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images.

When Your Friend's House Burns Down Twice: The Trivy Supply Chain Attacks Explained

We’ve been going back and forth on whether to publish this post. As the maintainers of Kubescape, a fellow CNCF open-source security project, we feel the weight of what happened to Trivy not as distant observers, but as people who see their successes and failures as our own. The Trivy maintainers are our friends. We share the same CNCF community, attend the same KubeCon-s, and fight the same fights (and share the same flights ).

What to Know About Security Camera Systems and Cyber Risk

Modern office buildings rely on networked cameras to keep people and property safe. Most people see a camera and feel a sense of protection. They do not often think about the wires or the data behind the lens. These devices are small computers that live on your main business network. They send video signals through cables hidden in the walls and ceilings. If these paths are not secure, the whole system can fail.

From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

While investigating a spike in script execution detections across several CrowdStrike Falcon platform customers, CrowdStrike’s Engineering team traced the activity to a compromised GitHub Action named aquasecurity/trivy-action. This popular open-source vulnerability scanner is frequently used in CI/CD pipelines.

Tackling Third-Party Risks: The Persistent Software Supply Chain Challenge

Modern software development relies on open-source components to accelerate innovation. This efficiency, however, introduces significant risk. Your application’s security is now tied to a vast and complex supply chain of code you did not write. The persistent software supply chain challenge is that this external code is a primary source of critical vulnerabilities and a hard.

Scorched Earth: Wiper Attacks are the New Face of Cyber War

Sure, they would vastly prefer targeting organizations in the opponent’s supply chain (which is why new requirements like CMMC are absolutely crucial), but every organization that is affiliated with or operates in the adversary’s territory becomes a target no matter how large or small.