KICS GitHub Action Compromised: TeamPCP Supply Chain Attack
The KICS GitHub Action was compromised with credential-stealing malware by TeamPCP, the identical group behind the Trivy attack. KICS is an open supply infrastructure as code safety scanner by Checkmarx. Between 12:58 and 16:50 UTC on March twenty third, any customers of this GitHub Action who have been pinning to one of many compromised tags…