A cyberthreat group identified as TeamPCP has launched a coordinated supply chain attack campaign targeting multiple security and development tools. The attackers have compromised Trivy vulnerability scanner, Checkmarx's KICS code scanner, VS Code plugins, and the LiteLLM AI library, according to Dark Reading.
The attack represents a significant escalation in supply chain targeting, as the compromised tools are widely used by security teams and developers for code analysis and vulnerability management. The scope suggests attackers are specifically targeting the security software ecosystem to potentially gain access to downstream organizations.