TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

By rooter

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack.
The workflows, both maintained by the supply chain security company Checkmarx, are listed below –

checkmarx/ast-github-action
checkmarx/kics-github-action

Cloud security

Oh hi there đŸ‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đŸ‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

rooter
Cyber Security

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

rooter
Cyber Security

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

rooter

Leave a Reply

You Missed

News

Orbital data centers, part 1: There’s no way this is economically viable, right?

News

The ‘Mandalorian and Grogu’ Hot Toys Figures Want You to Know Pedro Pascal Is Under That Helmet

News

The Live-Action ‘Moana’ Really Thought About the Maui Wig, Despite It Looking Like That

Cyber Security

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials