Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions
A threat actor named TeamPCP conducted a supply chain attack starting with Aqua Security's Trivy and then expanded to Checkmarx's AST GitHub Action. Beginning March 19, 2026, the attacker injected credential-stealing malware into CI/CD pipelines across thousands of repositories. The malicious payload harvested secrets from runner memory, accessed cloud metadata services, and exfiltrated encrypted data to typosquatted domains. The Checkmarx compromise occurred about four days later using the same techniques but targeting a different GitHub Action. This demonstrates how compromised CI/CD actions can cascade, enabling attackers to harvest credentials and compromise further dependencies. Runtime detection methods successfully identified the attack pattern despite changes in delivery mechanisms. No known exploits in the wild have been reported yet, but the attack poses a significant risk to software supply chains. The threat is rated medium severity due to its potential impact and complexity. Organizations using these tools in their CI/CD pipelines should urgently review and mitigate risks.
AI Analysis
Technical Summary
The supply chain compromise initiated by the threat actor TeamPCP began with the injection of malicious credential-stealing payloads into Aqua Security's Trivy, a popular open-source vulnerability scanner used in CI/CD pipelines. This attack, starting on March 19, 2026, targeted thousands of repositories by embedding malicious code within the Trivy GitHub Action. The payload was designed to harvest sensitive secrets directly from the memory of GitHub runners during pipeline execution, query cloud metadata services to gather environment and credential information, and exfiltrate this data in encrypted form to attacker-controlled typosquatted domains such as 'aquasecurtiy.org' and 'checkmarx.zone'. Approximately four days later, TeamPCP expanded the attack to Checkmarx's AST (Application Security Testing) GitHub Action, employing identical techniques but targeting a different supply chain component. This cascading attack highlights the risk of transitive supply chain compromises, where one compromised action enables further infiltration and credential harvesting across dependent actions and repositories. Despite changes in the delivery mechanism, the underlying malicious behavior remained consistent, allowing runtime detection tools to identify and mitigate the threat effectively. The attack leverages techniques mapped to MITRE ATT&CK tactics such as TA0010 (Exploitation of Software Supply Chain), TA0009 (Collection), T1552.005 (Credentials from Web Browsers or Cloud Metadata), and T1102 (Web Service). No CVE or patch links are currently available, and no known exploits in the wild have been reported, but the widespread use of these GitHub Actions in CI/CD pipelines makes the threat significant. The attack underscores the importance of securing CI/CD workflows and monitoring for anomalous runtime behaviors.
Potential Impact
This supply chain compromise can have severe consequences for organizations worldwide that rely on Aqua Security's Trivy and Checkmarx's AST GitHub Actions in their CI/CD pipelines. By harvesting credentials and secrets from runner memory and cloud metadata, attackers can gain unauthorized access to cloud environments, source code repositories, and other critical infrastructure. This can lead to data breaches, intellectual property theft, unauthorized deployments, and further lateral movement within organizational networks. The cascading nature of the attack means that once one action is compromised, it can be used to infiltrate additional dependencies, exponentially increasing the attack surface and potential damage. Organizations may face operational disruptions, reputational damage, regulatory penalties, and financial losses. The attack also undermines trust in widely used open-source and commercial CI/CD tools, potentially affecting software supply chain integrity on a global scale. Although no known exploits in the wild have been reported yet, the threat actor's demonstrated capability to compromise multiple supply chain components suggests a high risk of future exploitation.
Mitigation Recommendations
- Organizations should immediately audit their CI/CD pipelines for usage of Aqua Security's Trivy and Checkmarx's AST GitHub Actions and consider temporarily disabling or replacing these actions until verified clean versions are available.
- Implement strict secrets management practices, including the use of ephemeral credentials and least privilege principles, to minimize the impact of credential theft.
- Employ runtime behavioral detection tools capable of monitoring GitHub Actions execution to identify anomalous memory access, cloud metadata queries, and suspicious network exfiltration attempts.
- Validate and whitelist domains used by legitimate actions to detect typosquatting domains such as 'aquasecurtiy.org' and 'checkmarx.zone'.
- Rotate all potentially exposed secrets and credentials immediately.
- Enforce multi-factor authentication and monitor cloud environments for unusual access patterns.
- Adopt supply chain security best practices such as signing and verifying GitHub Actions, using dependency scanning tools, and maintaining an allowlist of trusted actions.
- Engage with vendors for patches or updates and subscribe to threat intelligence feeds for timely alerts.
- Finally, conduct thorough incident response planning and tabletop exercises focused on supply chain compromise scenarios.
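An added example (not from the original page or from any vendor named on it) of the workflow audit and domain check recommended above: it lists where a workflow references the two actions and whether each reference is pinned to a full commit SHA, then matches egress hostnames against the page's indicator domains. The repository slugs, the sample workflow and the sample hostnames are assumptions constructed for illustration.

```python
import re

# Action repositories to look for. These slugs are assumptions (the page names
# the products, not the repository paths); adjust to what your workflows use.
WATCHED_ACTIONS = {"aquasecurity/trivy-action", "checkmarx/ast-github-action"}
# Domains listed under "Indicators of Compromise" on this page.
IOC_DOMAINS = {"aquasecurtiy.org", "checkmarx.zone", "scan.aquasecurtiy.org"}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return (action, ref, pinned) for every watched action a workflow uses."""
    findings = []
    for target in USES_RE.findall(text):
        action, _, ref = target.partition("@")
        # owner/repo[/subpath] -> owner/repo, compared case-insensitively
        slug = "/".join(action.lower().split("/")[:2])
        if slug in WATCHED_ACTIONS:
            # Only a full commit SHA is immutable; tags and branches can move.
            findings.append((slug, ref, bool(FULL_SHA_RE.fullmatch(ref))))
    return findings


def ioc_hits(hostnames):
    """Return hostnames that equal an IOC domain or are a subdomain of one."""
    hits = []
    for host in hostnames:
        h = host.strip().lower().rstrip(".")
        if any(h == d or h.endswith("." + d) for d in IOC_DOMAINS):
            hits.append(h)
    return hits


# Constructed sample workflow and egress hostnames, for illustration only.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: Checkmarx/ast-github-action@0123456789abcdef0123456789abcdef01234567
"""
SAMPLE_HOSTS = ["api.github.com", "scan.aquasecurtiy.org", "cdn.checkmarx.zone."]

if __name__ == "__main__":
    print(audit_workflow(SAMPLE_WORKFLOW))
    print(ioc_hits(SAMPLE_HOSTS))
```

A reference reported with `pinned` set to `False` resolves to whatever the tag or branch points at when the job runs, so those are the entries to review first.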
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Japan, France, Netherlands, India, South Korea
Indicators of Compromise
- domain: aquasecurtiy.org
- domain: checkmarx.zone
- domain: scan.aquasecurtiy.org
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.sysdig.com/blog/teampcp-expands-supply-chain-compromise-spreads-from-trivy-to-checkmarx-github-actions
- Adversary: TeamPCP
- Pulse Id: 69c25036d5a22fad243e3cfa
- Threat Score: null
Threat ID: 69c27606f4197a8e3b2a0dec
Added to database: 3/24/2026, 11:31:18 AM
Last enriched: 3/24/2026, 11:46:18 AM
Last updated: 3/24/2026, 1:22:50 PM