The cloud-native cybercriminal group TeamPCP, which is also behind the Trivy supply chain attack, has hacked two more GitHub Actions workflows and stolen their credentials. Checkmarx, a supply chain security company, maintains both workflows: checkmarx/ast-github-action and checkmarx/kics-github-action. About four days after the breach on March 19, 2026, cloud security company Sysdig said it saw the same credential stealer that TeamPCP used to attack Aqua Security's Trivy vulnerability scanner and its GitHub Actions.

The Trivy supply chain breach is being tracked as CVE-2026-33634 (CVSS score: 9.4).

Sysdig said, "This suggests that the stolen credentials from the Trivy compromise were used to poison additional actions in affected repositories." The "TeamPCP Cloud stealer" is a type of malware that steals passwords and other sensitive information related to SSH keys, Git, Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Kubernetes, Docker, .env files, databases, and VPNs. It also steals CI/CD configurations, data from cryptocurrency wallets, and Slack and Discord webhook URLs.

The persistence script checks https://checkmarx[.]zone/raw every 50 minutes for more payloads. If the response contains "youtube," the script stops running.

Right now, the link takes you to "The Show Must Go On" by Queen.

"To reduce the threat, users should do the following right away: Change all secrets, tokens, and cloud credentials that CI runners could access during the affected window." Check the runner logs for any mentions of tpcp.tar.gz, scan.aquasecurity[.]org, or checkmarx[.]zone in the GitHub Actions workflow runs. Look for repositories on GitHub with the names "tpcp-docs" or "docs-tpcp." These show that the fallback mechanism worked and the data was sent out.

Instead of version tags, pin GitHub Actions to full commit SHAs. This is because tags can be force-pushed.
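The pinning advice can be checked mechanically. The following added example (not from the original article, Sysdig or Checkmarx) scans workflow text for `uses:` references that are not pinned to a full 40-character commit SHA and marks the two actions the article names; the sample workflow, its SHA and `example-org/example-action` are constructed.

```python
import re

# Actions the article names; unpinned references to them get priority review.
NAMED_IN_ARTICLE = {"checkmarx/ast-github-action", "checkmarx/kics-github-action"}
FULL_SHA = re.compile(r"[0-9a-f]{40}")
# `uses:` as a list item or a plain key; the value may be quoted and may
# be followed by a trailing comment such as "# v2".
USES = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)""")


def audit_workflow(text):
    """Return one finding per `uses:` reference not pinned to a full commit SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and container images are not resolved through Git tags.
        if ref.startswith(("./", "docker://")):
            continue
        target, _, version = ref.partition("@")
        # Tags, branches and abbreviated SHAs all fail this check.
        if FULL_SHA.fullmatch(version.lower()):
            continue
        repo = "/".join(target.split("/")[:2]).lower()
        findings.append({"line": lineno, "action": target, "ref": version or None,
                         "named_in_article": repo in NAMED_IN_ARTICLE})
    return findings


# Constructed sample workflow; the 40-character SHA is a placeholder, not a real commit.
SAMPLE = """\
name: ci
on: push
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - uses: checkmarx/kics-github-action@v2
      - name: AST
        uses: "checkmarx/ast-github-action@main"
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
      - uses: example-org/example-action@abc1234
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE):
        print(f)
```

Run it over each file in `.github/workflows/`; an abbreviated SHA such as `abc1234` is reported because only a full-length commit SHA counts as a pin.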