The supply chain campaign initiated through a compromised vulnerability scanner has successfully pivoted into secondary cloud-native libraries. This cascading failure demonstrates how a single breach in a security tool can weaponize the entire downstream development lifecycle.
Following the compromise of @[GitHub](urn:li:organization:19041) Action tags for the Trivy scanner, the group TeamPCP used stolen PyPI publishing credentials to poison the LiteLLM and Telnyx packages. These malicious versions were used to harvest SSH keys and cloud provider tokens from infected build runners. The group is now systematically validating these secrets to gain persistent access to production cloud clusters.
The speed at which TeamPCP pivoted from one compromised package to the next indicates a professionalized operation that treats stolen CI/CD secrets as high-velocity currency. This highlights the danger of long-lived credentials in automated pipelines; once a scanner or build tool is breached, the clock for rotate-or-compromise begins instantly.
– Conduct a mandatory rotation of every cloud provider secret and SSH key that touched a pipeline where Trivy ran in March 2026.
– Transition to OIDC-based short-lived credentials for all CI/CD tasks to eliminate the risk of long-lived secret theft.
– Pin all third-party @[GitHub](urn:li:organization:19041) Actions and npm/PyPI packages to full SHA-256 hashes.
– Monitor cloud logs for anomalous service principal activity or unauthorized resource creation originating from the exfiltrated keys.
The security of the supply chain is a recursive problem: your defense tools are only as secure as the pipelines that deliver them. #CodeDefence #SupplyChain #Trivy #DevSecOps
/