A sophisticated supply chain attack by threat group TeamPCP, which initially compromised Aqua Security's Trivy open source vulnerability scanner, has expanded to Checkmarx's KICS static analysis tool and LiteLLM, an open source AI gateway. The attackers harvested GitHub personal access tokens and cloud credentials from CI/CD runner memory, then used a worm component called CanisterWorm to compromise over 45 npm packages and propagate further. Notably, the malware uses blockchain smart contracts for command-and-control, making it resistant to traditional takedown methods. Organizations that ran Trivy scans between March 19–23 should assume all accessible secrets—AWS keys, SSH keys, npm tokens, Kubernetes secrets—have been stolen and rotate credentials immediately. Security teams are advised to pin all third-party GitHub Actions to full 40-character commit hashes to prevent silent tag-swapping.
Table of contents
A Moving TargetIncomplete Containment an IssueKeeping Under the RadarTeamPCP Worms Its Way InTargeting Open Source, AI DevelopmentSort: