腾讯网

TeamPCP利用窃取的CI凭证入侵Checkmarx GitHub Actions工作流

云原生网络犯罪组织TeamPCP再次发起攻击,通过凭证窃取恶意软件入侵了两个新的GitHub Actions工作流。该组织此前曾发起Trivy供应链攻击。 此次被入侵的工作流均由供应链安全公司Checkmarx维护,具体包括: ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
TechJuice

Hackers Compromise Developer Tools In Major Supply Chain Attack

Hackers breach Checkmarx developer tools to steal sensitive data, exposing risks in widely used software systems.
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

Hard on the heels of a broad supply chain attack that impacted the Aqua Security-maintained Trivy open source security-scanner project, Checkmarx on Tuesday disclosed that attackers had compromised a ...

Cisco source code stolen in Trivy-linked dev environment breach

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to ...
SiliconANGLE

Checkmarx integrates Developer Assist into Kiro for real-time AI-powered code security

Application security testing firm Checkmarx Ltd. today announced integrated development environment-native support for Kiro through Checkmarx Developer Assist, extending real-time, artificial ...
Business Wire

Checkmarx Expands Software Supply Chain Security with Advanced Secrets Detection and ...

PARAMUS, N.J.--(BUSINESS WIRE)--With the vast majority of development teams using open source software and employing agile development, Checkmarx, the industry leader in cloud-native application ...