Two GitHub Actions workflows maintained by supply chain security company Checkmarx have been compromised by TeamPCP, a threat actor previously responsible for the Trivy supply chain attack. The compromised workflows are checkmarx/ast-github-action and checkmarx/kics-github-action.
The attack follows TeamPCP's established pattern of using credential-stealing malware to gain access to continuous integration systems. The threat actor is described as a cloud-native cybercriminal operation that specifically targets software supply chain infrastructure.
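To check whether a repository references either of the two workflows named above, the following added example (not code from Checkmarx or from the original article) lists every `uses:` reference to them in a workflow file and reports whether it points at a tag or branch or at a full commit SHA. The article does not say which versions were affected, so the script only inventories references; the sample workflow and the `v0-example` tag are constructed.

```python
import re
from pathlib import Path

# The two action repositories named in the article (GitHub names are case-insensitive).
AFFECTED = {"checkmarx/ast-github-action", "checkmarx/kics-github-action"}

# Matches `uses: owner/repo[/subpath]@ref`, optionally quoted, optionally a list item.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?([\w.-]+/[\w.-]+)(?:/[^@\s'"]*)?@([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def find_references(workflow_text, source="<inline>"):
    """Return one dict per reference to an affected action in a workflow file."""
    hits = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)  # commented-out lines start with '#' and do not match
        if not m or m.group(1).lower() not in AFFECTED:
            continue
        ref = m.group(2)
        hits.append({
            "source": source, "line": lineno,
            "action": m.group(1).lower(), "ref": ref,
            # A tag or branch can be repointed at different code; a full SHA cannot.
            "ref_type": "commit-sha" if FULL_SHA_RE.fullmatch(ref) else "tag-or-branch",
        })
    return hits


def scan_repo(root):
    """Scan .github/workflows/*.yml and *.yaml under a checked-out repository."""
    hits = []
    for path in sorted((Path(root) / ".github" / "workflows").glob("*.y*ml")):
        hits += find_references(path.read_text(encoding="utf-8", errors="replace"), str(path))
    return hits


# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: Checkmarx/kics-github-action@v0-example
      - name: AST scan
        uses: "checkmarx/ast-github-action@0123456789abcdef0123456789abcdef01234567"  # pinned
      # - uses: checkmarx/ast-github-action@main
"""

if __name__ == "__main__":
    for hit in find_references(SAMPLE):
        print(hit)
```

Any hit still has to be compared against the vendor's advisory for the affected versions, which this page does not list.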