TeamPCP Supply-Chain Campaign Targets Open-Source Projects with Malware
Summary
The Singapore Cyber Security Agency (CSA) has issued an advisory on the ongoing 'TeamPCP' supply-chain campaign, which compromises open-source projects and CI/CD components to distribute credential-stealing malware. Affected components include Aqua Security's Trivy (binary, container images and GitHub Actions), the LiteLLM Python package, Checkmarx OpenVSX extensions and GitHub Actions, and packages in several npm scopes. Organizations using any listed component should assess their environments for compromise and, if a compromised version was installed or ran, treat every secret that environment could reach as exposed and rotate it immediately.
What changed
The Singapore Cyber Security Agency (CSA) has alerted organizations to an ongoing supply-chain campaign, dubbed 'TeamPCP', that compromises open-source projects and CI/CD automation tools to distribute credential-stealing malware. Affected components include Trivy, LiteLLM, Checkmarx tooling, and packages in several npm scopes. The advisory lists the specific compromised versions and links to each vendor's security update, which carries mitigation measures and indicators of compromise.
Organizations using any of the affected components should assess their environments for signs of compromise now. If a compromised version was installed or executed, every secret accessible to that environment must be treated as exposed and rotated without delay, whether or not exfiltration has been confirmed. Because the malware's purpose is credential theft, prompt rotation is the step that limits further exposure and follow-on breaches.
What to do next
- Check whether any of the listed component versions was installed or ran in your environment, including CI workflows, container images and developer machines.
- If so, treat every secret that environment could reach as exposed and rotate it immediately.
- Review the linked vendor security updates for mitigation measures and indicators of compromise, and re-check the advisory, which CSA says will be updated as further components are reported.
Source document (simplified)
Advisory
Ongoing 'TeamPCP' Supply-Chain Campaign
27 March 2026
Security researchers have identified an ongoing supply-chain campaign compromising open-source projects to distribute malware. Organisations using affected components of such projects are advised to assess their environments for potential compromise.
Security researchers have identified an ongoing supply-chain campaign attributed to 'TeamPCP', in which open-source projects and CI/CD automation components have been compromised to distribute malware that steals credentials. The campaign reportedly first compromised Aqua Security's open-source vulnerability scanner, Trivy, and the operation has since grown in scale to compromise other open-source projects.
This advisory provides a list of known compromised project components, along with corresponding security updates that include mitigation measures and indicators of compromise. Organisations using affected components are advised to review the corresponding security updates and assess their environments for potential compromise. If a compromised version of the affected components was installed or ran in your environment, treat all secrets accessible to the environment as exposed and rotate them immediately.
Trivy
Trivy: v0.69.4
aquasecurity/trivy-action (GitHub Actions): All releases before v0.35.0
aquasecurity/setup-trivy (GitHub Actions): All releases before v0.2.6
Trivy Docker Image: v0.69.5, v0.69.6
Security Update: https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
LiteLLM Python Package
LiteLLM: 1.82.7, 1.82.8
Security Update: https://docs.litellm.ai/blog/security-update-march-2026
CheckMarx
checkmarx.ast-results (OpenVSX): ast-results-2.53.0.vsix
checkmarx.cx-dev-assist (OpenVSX): cx-dev-assist-1.7.0.vsix
Checkmarx/kics-github-action (GitHub Actions): All releases before v2.1.20
Checkmarx/ast-github-action (GitHub Actions): All releases before v2.3.33
Security Update: https://checkmarx.com/blog/checkmarx-security-update/
NPM
Multiple packages across the following namespaces:
@EmilGroup
@opengov
@teale.io
@airtm
@pypestream
Security Update: https://research.jfrog.com/post/canister-worm/
This list will be updated with any other components reported to be compromised as part of the ongoing campaign.
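The component list above, together with the "assess your environment" step in the next-steps list, reduces to a version-matching exercise, so here it is as a runnable check. This is an added example, not text from the CSA advisory and not tooling from Aqua Security, Checkmarx, LiteLLM or JFrog. It encodes exactly the versions the advisory names: the Trivy binary (v0.69.4) and the Trivy container image tags (v0.69.5, v0.69.6) are deliberately separate sets because the advisory lists different numbers for each; the four GitHub Actions are "affected if strictly below" thresholds; LiteLLM and the two OpenVSX extensions are exact matches; and the npm scopes are reported as "review" items because the advisory names scopes, not packages. Every SAMPLE_* input is constructed to mimic the real command output or file format, and the package name @opengov/foo is made up for the sample, not a package the advisory lists.

```python
"""Offline check of local artefacts against the versions named in the advisory. Added example,
not CSA's or any vendor's tooling; every SAMPLE_* input below is constructed (see each check's
docstring for the real command or file whose output it expects)."""
import json
import re

# Versions from the advisory. Action pins strictly below these thresholds are affected.
ACTIONS_FIXED_IN = {"aquasecurity/trivy-action": (0, 35, 0), "aquasecurity/setup-trivy": (0, 2, 6),
                    "checkmarx/kics-github-action": (2, 1, 20), "checkmarx/ast-github-action": (2, 3, 33)}
TRIVY_BINARY = {(0, 69, 4)}              # the binary release
TRIVY_IMAGE_TAGS = {"0.69.5", "0.69.6"}  # the container image tags differ from the binary version
LITELLM = {(1, 82, 7), (1, 82, 8)}
VSIX = {"checkmarx.ast-results": (2, 53, 0), "checkmarx.cx-dev-assist": (1, 7, 0)}
NPM_SCOPES = {"@emilgroup", "@opengov", "@teale.io", "@airtm", "@pypestream"}  # scopes, not packages

def parse_version(s):
    """'v0.35.0' / '0.35' -> 3-tuple of ints; None for SHAs, branch names and bare 'v0'."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)+)", s.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def check_actions(workflow_yaml):
    """`uses:` pins of the listed actions. A tag below the fixed version is 'affected'; a branch
    or commit SHA cannot be compared offline and is returned as 'review', never silently passed."""
    out = []
    for repo, ref in re.findall(r"uses:\s*([\w.-]+/[\w.-]+)@(\S+)", workflow_yaml):
        fixed = ACTIONS_FIXED_IN.get(repo.lower())
        if fixed is None:
            continue
        ver = parse_version(ref)
        if ver is None:
            out.append((repo, ref, "review"))
        elif ver < fixed:
            out.append((repo, ref, "affected"))
    return out

def check_pip_freeze(freeze_text):
    """Lines of `pip freeze` ('name==version')."""
    out = []
    for line in freeze_text.splitlines():
        name, sep, ver = line.partition("==")
        if sep and name.strip().lower() == "litellm" and parse_version(ver) in LITELLM:
            out.append(("litellm", ver.strip(), "affected"))
    return out

def check_trivy_version(version_output):
    """First line of `trivy --version` is 'Version: X.Y.Z'."""
    m = re.search(r"Version:\s*v?(\d+(?:\.\d+)+)", version_output)
    return [("trivy", m.group(1), "affected")] if m and parse_version(m.group(1)) in TRIVY_BINARY else []

def check_docker_images(images_text):
    """One 'repository:tag' per line (docker images --format '{{.Repository}}:{{.Tag}}')."""
    out = []
    for line in images_text.splitlines():
        repo, _, tag = line.strip().rpartition(":")
        if repo.endswith(("aquasec/trivy", "aquasecurity/trivy")) and tag in TRIVY_IMAGE_TAGS:
            out.append((repo, tag, "affected"))
    return out

def check_npm_lock(lock_json):
    """package-lock v2/v3 'packages' keys are 'node_modules/@scope/name' paths (nested included);
    lockfile v1 'dependencies' is read at top level only. Scopes compare case-insensitively."""
    lock = json.loads(lock_json)
    entries = [(k.split("node_modules/")[-1], v) for k, v in lock.get("packages", {}).items() if k]
    entries += list(lock.get("dependencies", {}).items())
    return [(name, meta.get("version", "?"), "review") for name, meta in entries
            if name.startswith("@") and name.split("/")[0].lower() in NPM_SCOPES]

def check_vscode_extensions(listing):
    """Lines of `code`/`codium --list-extensions --show-versions`, i.e. 'publisher.name@version'."""
    out = []
    for line in listing.splitlines():
        ext, _, ver = line.strip().partition("@")
        fixed = VSIX.get(ext.lower())
        if fixed is not None and parse_version(ver) == fixed:
            out.append((ext, ver, "affected"))
    return out

# Constructed samples; @opengov/foo is a made-up package name, not one the advisory lists.
SAMPLE_WORKFLOW = """steps:
  - uses: aquasecurity/trivy-action@0.28.0
  - uses: aquasecurity/setup-trivy@v0.2.6
  - uses: Checkmarx/kics-github-action@v2.1.19
  - uses: Checkmarx/ast-github-action@a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2
  - uses: actions/checkout@v4
"""
SAMPLE_FREEZE = "litellm==1.82.8\nrequests==2.32.3\n"
SAMPLE_TRIVY = "Version: 0.69.4\nVulnerability DB:\n  Version: 2\n"
SAMPLE_IMAGES = "aquasec/trivy:0.69.5\nghcr.io/aquasecurity/trivy:0.69.3\nalpine:3.20\n"
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {"": {"name": "app"},
    "node_modules/lodash": {"version": "4.17.21"}, "node_modules/@opengov/foo": {"version": "1.2.3"}}})
SAMPLE_EXT = "checkmarx.ast-results@2.53.0\nms-python.python@2024.4.1\n"

def demo():
    return (check_actions(SAMPLE_WORKFLOW) + check_pip_freeze(SAMPLE_FREEZE)
            + check_trivy_version(SAMPLE_TRIVY) + check_docker_images(SAMPLE_IMAGES)
            + check_npm_lock(SAMPLE_LOCK) + check_vscode_extensions(SAMPLE_EXT))

if __name__ == "__main__": print(*demo(), sep="\n")
```

Two points of interpretation are built in. First, an 'affected' finding means the advisory's rule applies: treat every secret that environment could reach as exposed and rotate it, whatever else the investigation later shows. Second, an empty result is not a clean bill of health: commit-SHA and branch pins of the listed actions come back as 'review' because they cannot be resolved offline, a `setup-trivy@v0.2.6` pin passes only because the advisory names that version as fixed, and CSA states the component list itself will grow, so the tables at the top of the script need updating whenever the advisory is. On a real host, replace each SAMPLE_* string with the file or command output named in the corresponding function's docstring.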
Source: CSA Alerts & Advisories (Singapore)