Trivy scanner breached, 75 GitHub Actions tags poisoned, npm worm spawned in 24-day attack
by Artem Safonov
A 24-day supply chain campaign hit Aqua Security's Trivy scanner, 75 GitHub Actions tags, and 66+ npm packages. TeamPCP stole CI/CD secrets from 10,000+ workflows using memory scraping and spawned a self-propagating npm worm with decentralized C2. One payload wiped …
Read more →