Hit dev and security toolchains

- Checkmarx said April 27 that data posted by Lapsus$ appears to have come from its GitHub repositories, tying the exposure to March’s supply-chain attack.
- The campaign began with Aqua Security’s Trivy, where attackers force-pushed 76 of 77 action tags and shipped a malicious Trivy 0.69.4 release.
- The breaches spread from scanners into CI/CD pipelines and package feeds, including Bitwarden’s CLI. (checkmarx.com)

Checkmarx said data published by Lapsus$ appears to have come from its GitHub repositories after a broader supply-chain attack that began in March. (checkmarx.com) (theregister.com) A supply-chain attack is one in which attackers tamper with a tool developers already trust, so the malware rides along with normal builds and updates. In this case, the tools were security scanners, GitHub Actions, Docker images, and package releases used inside software pipelines. (securityweek.com) (socket.dev)

The first confirmed breach hit Aqua Security’s Trivy ecosystem on March 19, 2026. Aqua said an attacker used compromised credentials to publish malicious Trivy 0.69.4 releases and replace tags in trivy-action and setup-trivy. (aquasec.com) (github.com) GitHub’s advisory said the attacker force-pushed 76 of 77 version tags in trivy-action and replaced all seven tags in setup-trivy with malicious commits. Aqua later said its first round of credential rotation was not atomic, which let the intruders keep access and come back. (github.com) (aquasec.com)

Researchers and vendors say the same access pattern then spread into other developer tools. Checkmarx said attackers injected malicious payloads into its AST GitHub Action and KICS GitHub Action on March 23 between 12:58 and 16:50 UTC. (checkmarx.com) (theregister.com) Checkmarx said a cybercriminal group published data related to the company on April 25, and current evidence indicates that access to its repositories was facilitated through that March 23 attack. The company said its GitHub repositories are separate from its customer production environment and that it does not store customer data there. (checkmarx.com 1) (checkmarx.com 2)

Socket and SecurityWeek linked the campaign to TeamPCP, also called DeadCatx3, PCPcat, and ShellForce. Socket said the group targeted “high-leverage points” such as scanners and CI systems because those tools already sit inside enterprise environments with broad access to secrets. (socket.dev) (securityweek.com) The stolen material was not just source code. The Register, citing posts attributed to Lapsus$, reported claims of API keys, MongoDB and MySQL credentials, and employee details in the Checkmarx dump. (theregister.com)

The downstream impact reached package users too. Bitwarden said a malicious @bitwarden/cli@2026.4.0 package was briefly available through npm between 5:57 p.m. and 7:30 p.m. Eastern on April 22, 2026, in connection with the broader Checkmarx incident. (community.bitwarden.com) (socket.dev) Bitwarden said it found no evidence that end-user vault data, production data, source code, or encryption keys were accessed. The company told users who installed that npm package during the affected window to rotate secrets on the host and review logs. (community.bitwarden.com)

A separate April campaign showed how the same weak point can be abused at scale even without stealing a maintainer account first. Wiz said one actor opened more than 475 malicious pull requests in 26 hours by exploiting repositories that used GitHub’s pull_request_target workflow trigger. (wiz.io) That trigger runs with the base repository’s permissions, which can expose secrets if a project executes untrusted code from a forked pull request. Wiz said the attacker used it to hunt for GitHub, cloud, and npm tokens and, when possible, publish malicious package versions. (wiz.io)

The through line in all of these incidents is that the attackers went after the tools that check, build, sign, and ship software. Once those tools are compromised, the next victim can be every developer or customer who treats the output as trusted. (socket.dev) (securityweek.com)
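Two of the weak points described above, actions referenced by a mutable tag that an attacker with repository access can force-push, and pull_request_target workflows that check out a fork's head, can both be caught by auditing workflow files before they run. The script below is an added example, not code from GitHub, Aqua, Checkmarx or Wiz; the workflow text, the `example-org/scanner-action` name and the commit SHA are constructed.

```python
import re
from typing import List

# Constructed sample workflow showing both weak points: a scanner action pinned
# only by a mutable tag, and pull_request_target checking out the fork's head.
WEAK_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: example-org/scanner-action@v1
"""

# Same job hardened: pull_request (runs with the fork's limited token) and
# every action pinned to a full 40-hex commit SHA, which a tag push cannot move.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1234567890abcdef1234567890abcdef12345678
      - uses: example-org/scanner-action@abcdef1234567890abcdef1234567890abcdef12
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w./-]+)@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
HEAD_REF_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")

def audit_workflow(text: str) -> List[str]:
    """Return findings for mutable action refs and for pull_request_target
    workflows that check out untrusted code from the pull request head."""
    findings = []
    for action, ref in USES_RE.findall(text):
        if not SHA_RE.match(ref):  # tags and branches can be force-pushed
            findings.append(f"mutable ref: {action}@{ref}")
    if re.search(r"\bpull_request_target\b", text) and HEAD_REF_RE.search(text):
        findings.append("pull_request_target checks out the fork's head")
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(WEAK_WORKFLOW):
        print(finding)
```

The check only catches the two patterns discussed here; a workflow that runs `npm install` on a fork's `package.json` under pull_request_target is still exposed even when every `uses:` line is SHA-pinned.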
