
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Cybersecurity, GitHub, Supply Chain, Malware, Credential Theft, TeamPCP, Checkmarx
The threat actor TeamPCP compromised two GitHub Actions workflows maintained by supply chain security company Checkmarx using stolen CI credentials. The affected workflows are checkmarx/ast-github-action and checkmarx/kics-github-action. TeamPCP, also responsible for the Trivy supply chain attack, deployed credential-stealing malware in this incident. No specific dates, CVE IDs, or technical details of the malware were provided. The attack targeted GitHub Actions workflows, but the exact impact beyond credential theft was not disclosed.