Ongoing 'TeamPCP' Supply-Chain Campaign
27 March 2026
Security researchers have identified an ongoing supply-chain campaign compromising open-source projects to distribute malware. Organisations using affected components of such projects are advised to assess their environments for potential compromise.
Security researchers have identified an ongoing supply-chain campaign attributed to ‘TeamPCP’, in which open-source projects and CI/CD automation components have been compromised to distribute malware that steals credentials. The campaign reportedly first compromised Aqua Security’s open-source vulnerability scanner, Trivy, and the operation has since grown in scale to compromise other open-source projects.
This advisory provides a list of known compromised project components, along with the corresponding security updates that include mitigation measures and indicators of compromise. Organisations using affected components are advised to review the corresponding security updates and assess their environments for potential compromise. If a compromised version of an affected component was installed or run in your environment, treat all secrets accessible to that environment as exposed and rotate them immediately.
Trivy
Trivy: v0.69.4
aquasecurity/trivy-action (GitHub Actions): All releases before v0.35.0
aquasecurity/setup-trivy (GitHub Actions): All releases before v0.2.6
Trivy Docker Image: v0.69.5, v0.69.6
Security Update: https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
LiteLLM Python Package
LiteLLM: 1.82.7, 1.82.8
Security Update: https://docs.litellm.ai/blog/security-update-march-2026
Checkmarx
checkmarx.ast-results (OpenVSX): ast-results-2.53.0.vsix
checkmarx.cx-dev-assist (OpenVSX): cx-dev-assist-1.7.0.vsix
Checkmarx/kics-github-action (GitHub Actions): All releases before v2.1.20
Checkmarx/ast-github-action (GitHub Actions): All releases before v2.3.33
Security Update: https://checkmarx.com/blog/checkmarx-security-update/
NPM
Multiple packages across the following namespaces:
@EmilGroup
@opengov
@teale.io
@airtm
@pypestream
Security Update: https://research.jfrog.com/post/canister-worm/
This list will be updated with any other components reported to be compromised as part of the ongoing campaign.
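One way to triage the components listed above, as an added example that is not part of this advisory: the Python script below is assumed to be run over a repository's GitHub Actions workflow text and its pinned Python requirements (or `pip freeze` output), and flags action pins below the first clean release and LiteLLM pins at the listed versions. The version thresholds are the advisory's; the sample inputs are constructed.

```python
import re
# Versions from the advisory above: exact compromised PyPI versions, and for
# the GitHub Actions the first release NOT affected (everything below it is).
COMPROMISED_PYPI = {"litellm": {"1.82.7", "1.82.8"}}
ACTION_FIRST_CLEAN = {"aquasecurity/trivy-action": "0.35.0",
                      "aquasecurity/setup-trivy": "0.2.6",
                      "checkmarx/kics-github-action": "2.1.20",
                      "checkmarx/ast-github-action": "2.3.33"}
FULL_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)$")
USES_LINE = re.compile(r"uses:\s*([\w.-]+/[\w.-]+)@(\S+)")
PIN_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([\d.]+)", re.M)

def version_tuple(text):
    """'v0.35.0' -> (0, 35, 0); None unless the ref is a full x.y.z tag."""
    m = FULL_VERSION.match(text)
    return tuple(int(p) for p in m.groups()) if m else None

def check_workflow(yaml_text):
    """Flag 'uses:' steps pinned to an action release listed as compromised.
    Branches, SHAs and floating major tags cannot be judged from the file
    alone, so they are reported for manual resolution instead."""
    findings = []
    for action, ref in USES_LINE.findall(yaml_text):
        first_clean = ACTION_FIRST_CLEAN.get(action.lower())
        if first_clean is None:
            continue  # action not named in the advisory
        pinned = version_tuple(ref)
        if pinned is None:
            findings.append((action, ref, "unverifiable ref; resolve and compare manually"))
        elif pinned < version_tuple(first_clean):
            findings.append((action, ref, "compromised release"))
    return findings

def check_requirements(req_text):
    """Flag 'pkg==x.y.z' pins (requirements.txt or pip freeze) at a compromised version."""
    return [(pkg, ver) for pkg, ver in PIN_LINE.findall(req_text)
            if ver in COMPROMISED_PYPI.get(pkg.lower(), set())]

# Constructed sample inputs, not taken from any real repository.
SAMPLE_WORKFLOW = """\
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.5
      - uses: aquasecurity/trivy-action@v0.35.0
      - uses: Checkmarx/kics-github-action@v2.1.19
      - uses: Checkmarx/ast-github-action@0123456789abcdef0123456789abcdef01234567
"""
SAMPLE_REQUIREMENTS = "requests==2.32.3\nlitellm==1.82.8\n"

if __name__ == "__main__":
    for f in check_workflow(SAMPLE_WORKFLOW) + check_requirements(SAMPLE_REQUIREMENTS):
        print(*f)
```

A hit on a listed version means the secrets reachable from that pipeline should be treated as exposed, per the advisory; a SHA or branch pin still needs to be resolved against the upstream tags before it can be cleared.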
