Tag

Ci/Cd

3 briefs RSS

TeamPCP Supply Chain Attack via CI/CD Compromise

TeamPCP compromised CI/CD pipelines and GitHub accounts of multiple companies by deploying an infostealer to extract credentials from CI environments, .env files, and cloud tokens, impacting projects like Trivy, KICS, and LiteLLM.

TeamPCP supply-chain ci/cd infostealer

2r 1t Mar 26, 2026

high threat

TeamPCP Compromise of KICS GitHub Action Supply Chain

2 rules 4 TTPs

TeamPCP conducted a supply chain attack compromising the KICS GitHub Action, impacting users who integrated the compromised version into their CI/CD pipelines.

TeamPCP supply-chain github-actions ci/cd

2r 4t Mar 23, 2026

high advisory

Trivy Security Scanner GitHub Actions Tag Hijacking for CI/CD Secret Theft

2 rules 4 TTPs

Attackers hijacked 75 tags associated with the Trivy Security Scanner GitHub Actions to steal CI/CD secrets from users of the compromised tags.

supply-chain github-actions ci/cd tag-hijacking

2r 4t Mar 21, 2026