Malware4 min read
TeamPCP Hijacks Checkmarx KICS Using Stolen Trivy Tokens
Stolen CI credentials from Trivy breach enabled TeamPCP to compromise Checkmarx KICS GitHub Actions, poisoning all 35 version tags with credential-stealing malware in four-hour window.
James RiveraMar 25, 2026