Tag: supply

security

SANS Stormcast Wednesday, May 20th, 2026: Assume Supply Chain Compromise; GitHub Action Compromise;

TeamPCP Supply Chain Campaign: Activity Through 2026-05-17 https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994 https://slsa.dev/spec/v0.1/levels Github Action Compromise https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials How Storm-2949 turned a compromised identity into a cloud-wide breach https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/

Mehr lesen →
soc

BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets Gamified

BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets Gamified Underground cybercrime communities are increasingly borrowing ideas from legitimate tech ecosystems: branding, public challenges, shared tools, reputation building, and even prize-based competitions. Recently BreachForums and TeamPCP promoted what they describe as a “supply chain competition,” encouraging threat actors to conduct the “biggest supply chain […]

Mehr lesen →
soc

Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack

Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack It hasn’t been long since TeamPCP made headlines for compromising Checkmarx’s GitHub Actions and OpenVSX extensions as part of a sprawling supply chain campaign. Now the same threat actor is back; and this time, they went after the Checkmarx Jenkins plugin. The attack was flagged […]

Mehr lesen →