
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack.
The workflows, both maintained by the supply chain security company Checkmarx, are listed below -
checkmarx/ast-github-action
checkmarx/kics-github-action
Cloud security
View the full article
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.