Teampcp Expands Supply Chain Compromise Spreads From Trivy To Checkmarx Github Actions
Source: www.sysdig.com
Published:
<p>On March 19, 2026, the threat actor known as TeamPCP compromised Aqua Security's Trivy vulnerability scanner and its associated GitHub Actions, injecting a credential-stealing payload into CI/CD pipelines across thousands of repositories. The incident was widely reported, with detailed analysis f