TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

The Hacker News
Actively Exploited

Overview

TeamPCP, a cybercriminal group known for targeting supply chains, has compromised two GitHub Actions workflows belonging to Checkmarx, a company focused on supply chain security. The affected workflows, named checkmarx/ast-github-action and checkmarx/kics-github-action, were breached through stolen continuous integration (CI) credentials. This incident raises concerns about the security of cloud-native applications and the potential for further supply chain attacks. Organizations using these workflows might be at risk of malicious code execution or data breaches, emphasizing the need for stronger credential management and security practices in CI environments.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: checkmarx/ast-github-action, checkmarx/kics-github-action
  • Action Required: Organizations should review and rotate CI credentials, implement stronger access controls, and monitor workflows for unauthorized changes.
  • Timeline: Newly disclosed

Original Article Summary

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below:

  • checkmarx/ast-github-action
  • checkmarx/kics-github-action

Impact

checkmarx/ast-github-action, checkmarx/kics-github-action

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should review and rotate CI credentials, implement stronger access controls, and monitor workflows for unauthorized changes.
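As an added illustration of the "monitor workflows" step (this is not code from the article or from Checkmarx), the script below walks a repository's workflow files and reports every use of the two affected actions, flagging references that point at a mutable tag or branch rather than a full commit SHA. The sample workflow text and the 40-hex SHA inside it are constructed placeholders.

```python
import re
from pathlib import Path

# The two actions named in the advisory.
AFFECTED_ACTIONS = {"checkmarx/ast-github-action", "checkmarx/kics-github-action"}

# Matches `uses: owner/repo[/subpath]@ref` lines in a workflow file.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@'\"\s]+)?@([^'\"\s#]+)",
    re.MULTILINE,
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (action, ref, status) for each affected action used in one workflow.

    'pinned-sha' means the ref is a full 40-hex commit SHA; 'mutable-ref' means a
    tag or branch name, which whoever controls the action repo can repoint.
    """
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        if action.lower() in AFFECTED_ACTIONS:
            status = "pinned-sha" if FULL_SHA_RE.match(ref) else "mutable-ref"
            findings.append((action, ref, status))
    return findings


def audit_repo(repo_root):
    """Audit every workflow under .github/workflows; returns {path: findings}."""
    results = {}
    for path in sorted((Path(repo_root) / ".github" / "workflows").glob("*.y*ml")):
        findings = audit_workflow(path.read_text(encoding="utf-8"))
        if findings:
            results[str(path)] = findings
    return results


# Constructed sample workflow; the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/ast-github-action@main
      - name: KICS
        uses: checkmarx/kics-github-action@0123456789abcdef0123456789abcdef01234567
"""
```

Run `audit_repo(".")` from a checkout to list affected references; any `mutable-ref` entry is one that should be compared against the action's known-good commit before the next run.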

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Related Coverage

Dutch Ministry of Finance discloses breach affecting employees

BleepingComputer

The Dutch Ministry of Finance has confirmed that it experienced a cyberattack that compromised some of its systems. The breach was detected last week, although specific details about the nature of the attack or the data that may have been accessed have not been disclosed. This incident potentially affects the ministry's employees, raising concerns about the security of sensitive information. As government agencies often handle critical data, any breach could have significant implications for public trust and national security. The ministry is likely working to assess the damage and improve its security measures to prevent future incidents.

Mar 24, 2026

DarkSword iPhone Exploit Leaked Online, Hundreds of Millions at Risk

Hackread – Cybersecurity News, Data Breaches, AI and More

A significant security vulnerability known as the DarkSword exploit has been leaked, putting an estimated 270 million iPhones at risk. This exploit allows hackers to potentially access sensitive user data, raising serious concerns about privacy and security for iPhone users worldwide. Researchers have indicated that this could lead to unauthorized access to personal information stored on these devices. The scale of the impact is alarming, as many users may not be aware that their data could be compromised. It's crucial for affected users to stay informed and take necessary precautions to protect their information as details about the exploit continue to emerge.

Mar 24, 2026

Russian Initial Access Broker Handed 81-Month Sentence

Infosecurity Magazine

Aleksei Volkov, a Russian cybercriminal, has been sentenced to 81 months in prison for his involvement with the Yanluowang ransomware. This ransomware has been linked to various attacks on organizations, encrypting files and demanding ransom payments for decryption. Volkov's arrest and sentencing mark a significant step in the ongoing efforts to combat ransomware and cybercrime. His actions not only impacted individual victims but also contributed to the broader threat posed by ransomware groups, which continue to target businesses and institutions worldwide. The case serves as a reminder of the legal consequences that cybercriminals face, hopefully deterring future attacks.

Mar 24, 2026

Stryker Says Malicious File Found During Probe Into Iran-Linked Attack

SecurityWeek

Stryker, a medical technology company, has reported discovering a malicious file during an investigation into a cyber attack linked to Iranian hackers. The FBI has issued an alert detailing the malware used in this incident, emphasizing the threat posed by state-sponsored cyber activities. This attack is significant as it highlights the ongoing risks that organizations face from sophisticated hacking groups, particularly those linked to nation-states. The incident raises concerns about the security of sensitive data within the healthcare sector, which is often a target due to the critical nature of its operations. Companies in this field should review their cybersecurity measures to protect against similar threats.

Mar 24, 2026

Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals

Infosecurity Magazine

The FBI has issued a warning about the Iranian hacking group known as Handala, which has been actively targeting dissidents and opponents of the Iranian regime since 2023. This group is believed to be involved in hack-and-leak operations, where they steal sensitive information and then publicly disclose it to undermine their targets. The FBI's alert emphasizes the potential risks for individuals and organizations opposing the Iranian government, highlighting the ongoing threat posed by state-sponsored cyber activities. Such actions not only threaten personal security but also impact the broader landscape of free expression and dissent, particularly for those in vulnerable positions. As cyber attacks from state actors become more sophisticated, the need for vigilance among potential targets is increasingly critical.

Mar 24, 2026

Privileged by Design: AI Agents and the New Identity Risk to Production Systems - Shashwat Sehgal - RSAC26 #1

SCM feed for Latest

In the article, Shashwat Sehgal discusses the emerging risks associated with AI agents in production systems. As these AI systems gain privileges, they can inadvertently create new identity risks that could be exploited by malicious actors. The focus is on how these AI agents, if not properly managed, could lead to unauthorized access and compromise sensitive data. This situation affects organizations that rely on AI for operational efficiency, making it crucial for them to understand the potential vulnerabilities introduced by these technologies. The discussion emphasizes the need for robust security measures to safeguard against these evolving risks.

Mar 24, 2026