TeamPCP, a threat actor group, executed a sophisticated multi-stage supply chain attack starting with Aqua Security's Trivy vulnerability scanner. By exploiting a GitHub Actions misconfiguration, they stole credentials, trojanized Trivy binaries and actions, and spread malware across npm packages via a self-propagating worm.

From thenewstack.io