腾讯网

TeamPCP利用窃取的CI凭证入侵Checkmarx GitHub Actions工作流

云原生网络犯罪组织TeamPCP再次发起攻击,通过凭证窃取恶意软件入侵了两个新的GitHub Actions工作流。该组织此前曾发起Trivy供应链攻击。 此次被入侵的工作流均由供应链安全公司Checkmarx维护,具体包括: ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
TechJuice

Hackers Compromise Developer Tools In Major Supply Chain Attack

Hackers breach Checkmarx developer tools to steal sensitive data, exposing risks in widely used software systems.
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

Checkmarx Redefines Application Security for the Age of Agentic Development

AI Supply Chain Security , a centralized governance and visibility layer for AI components embedded in modern applications. It discovers hidden AI assets, including models, agents, datasets, prompts, ...
Business Wire

Checkmarx One Surpasses $150M ARR and Expands Global Leadership in AI-Powered Application ...

Company pioneers new AI Coding Security Assistant category with Developer Assist and delivers groundbreaking research as platform adoption accelerates worldwide PARAMUS, N.J. & SINGAPORE--(BUSINESS ...

Checkmarx unveils AppSec platform for the Age of Agentic Development

Checkmarx today unveiled Checkmarx One, an AppSec platform that embeds agentic, AI-driven security across code, dependencies, ...