The TeamPCP used stolen credentials to launch CanisterWorm, a component responsible for allowing the threat group to move between targets.

DevOps publication provides insights into DevOps practices, tools, and culture, offering articles and tutorials for automating software delivery pipelines and fostering collaboration between development and operations teams. By exploring DevOps's curated content, developers can learn about infrastructure as code (IaC), containerization, and cloud-native technologies for building scalable and resilient applications. DevOps publication offers  guidance and best practices to accelerate your software delivery process and improve team collaboration.

DevOps.com

A sophisticated supply chain attack by threat group TeamPCP, which initially compromised Aqua Security's Trivy open source vulnerability scanner, has expanded to Checkmarx's KICS static analysis tool and LiteLLM, an open source AI gateway. The attackers harvested GitHub personal access tokens and cloud credentials from CI/CD runner memory, then used a worm component called CanisterWorm to compromise over 45 npm packages and propagate further. Notably, the malware uses blockchain smart contracts for command-and-control, making it resistant to traditional takedown methods. Organizations that ran Trivy scans between March 19–23 should assume all accessible secrets—AWS keys, SSH keys, npm tokens, Kubernetes secrets—have been stolen and rotate credentials immediately. Security teams are advised to pin all third-party GitHub Actions to full 40-character commit hashes to prevent silent tag-swapping.

Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM