KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack
The KICS GitHub Action maintained by Checkmarx was compromised by the TeamPCP threat actor on March 23, 2026: 35 of the action's tags were hijacked between 12:58 and 16:50 UTC. The malicious versions were built to steal credentials from the CI/CD workflows of users who ran the action during that window.
- Disclosed: March 23, 2026
- Last updated: June 7, 2026
- Blast radius: GitHub Actions users relying on the KICS GitHub Action during the compromise window (12:58–16:50 UTC on March 23, 2026).
- Ecosystems
- Attack vectors
- Affected entities: KICS GitHub Action (35 tags hijacked during the compromise window)
The Checkmarx KICS GitHub Action was compromised as part of a supply chain attack attributed to the TeamPCP threat actor. Between 12:58 and 16:50 UTC on March 23, 2026, the attackers hijacked 35 of the action's git tags, likely through account takeover or credential compromise. Because GitHub Actions resolves a `uses:` reference such as `@v2` by tag name at run time, any workflow that referenced the action by one of the hijacked tags ran the attacker's code on its next execution, while workflows pinned to a full commit SHA were not affected.
The attack targeted users who rely on the KICS GitHub Action within their CI/CD pipelines. The malicious versions were designed to steal credentials from affected workflows, posing a risk to any secrets or authentication tokens exposed during action execution.
This incident is part of a pattern of supply chain attacks by TeamPCP targeting development tools and infrastructure. Users are advised to audit their GitHub Actions workflows, identify any malicious activity during the compromise window, and implement additional security controls around GitHub Actions usage.
Indicators of compromise
- Packages
- KICS GitHub Action
Remediation
- Audit GitHub Actions workflows for execution of the KICS GitHub Action between 12:58–16:50 UTC on March 23, 2026
- Review GitHub Actions logs and audit trails for suspicious activity or credential access during the compromise window
- Rotate any secrets, tokens, or credentials that may have been exposed to the compromised KICS GitHub Action
- Update the KICS GitHub Action to a version published after the compromise was discovered, and verify the commit the tag resolves to rather than trusting the tag name, since tags are mutable
- Implement GitHub Actions security best practices including pinning action versions to specific commit SHAs rather than tags
- Consider using GitHub's OIDC token provider instead of long-lived credentials in CI/CD workflows
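The audit and pinning steps above, as an added example that is not code from the catalog or from Checkmarx: a small Python helper that scans workflow files for references to the action, reports whether each reference is pinned to a 40-character commit SHA or to a mutable tag, and filters a list of workflow-run records down to the runs that executed the action by tag inside the compromise window. The action slug `checkmarx/kics-github-action`, the tag `v2`, the 40-hex placeholder SHA, the two workflow texts and the run records are all constructed for this example; in practice the run records would be extracted from the GitHub API or the Actions audit log.

```python
"""Audit helper for the KICS tag-hijack window (added example, not catalog or vendor code)."""
import re
from datetime import datetime, timezone

# Assumed action slug; matched case-insensitively because GitHub owner names are.
KICS_ACTION = "checkmarx/kics-github-action"
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(" + re.escape(KICS_ACTION) + r")@([^\s'\"#]+)",
    re.IGNORECASE | re.MULTILINE,
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Compromise window from the advisory: 12:58 to 16:50 UTC on 2026-03-23 (inclusive).
WINDOW_START = datetime(2026, 3, 23, 12, 58, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 3, 23, 16, 50, tzinfo=timezone.utc)

# Constructed workflow referencing the action by a mutable tag ("v2" is hypothetical).
VULNERABLE_WORKFLOW = """
name: iac-scan
on: [push]
jobs:
  kics:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/kics-github-action@v2
        with:
          path: 'terraform'
"""

# Constructed hardened workflow: commit-SHA pin plus least-privilege permissions and
# an OIDC id-token instead of long-lived cloud keys stored as secrets.
# The SHA below is a placeholder, not a real KICS commit.
HARDENED_WORKFLOW = """
name: iac-scan
on: [push]
permissions:
  contents: read
  id-token: write
jobs:
  kics:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/kics-github-action@0123456789abcdef0123456789abcdef01234567  # v2 (placeholder SHA)
        with:
          path: 'terraform'
"""

# Constructed run records: id, start time (ISO-8601, UTC) and the resolved uses: reference.
SAMPLE_RUNS = [
    {"id": 1, "created_at": "2026-03-23T12:30:00Z", "uses": f"{KICS_ACTION}@v2"},
    {"id": 2, "created_at": "2026-03-23T13:05:00Z", "uses": f"{KICS_ACTION}@v2"},
    {"id": 3, "created_at": "2026-03-23T16:50:00Z", "uses": f"{KICS_ACTION}@v2"},
    {"id": 4, "created_at": "2026-03-23T17:00:00Z", "uses": f"{KICS_ACTION}@v2"},
    {"id": 5, "created_at": "2026-03-23T14:00:00Z",
     "uses": f"{KICS_ACTION}@0123456789abcdef0123456789abcdef01234567"},
]


def find_kics_refs(workflow_text):
    """Return (ref, pinned_to_sha) for every reference to the action in a workflow file."""
    return [(m.group(2), bool(SHA_RE.match(m.group(2)))) for m in USES_RE.finditer(workflow_text)]


def runs_in_window(runs):
    """Return the runs that executed the action by tag (not SHA) inside the compromise window.

    Runs pinned to a commit SHA are excluded: a tag hijack repoints tag names, not commits.
    """
    hits = []
    for run in runs:
        started = datetime.fromisoformat(run["created_at"].replace("Z", "+00:00"))
        ref = run["uses"].split("@", 1)[1]
        if WINDOW_START <= started <= WINDOW_END and not SHA_RE.match(ref):
            hits.append(run)
    return hits


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        for ref, pinned in find_kics_refs(text):
            print(f"{name}: {KICS_ACTION}@{ref} -> {'SHA-pinned' if pinned else 'MUTABLE TAG, repin'}")
    for run in runs_in_window(SAMPLE_RUNS):
        print(f"run {run['id']} at {run['created_at']} ran the action by tag in the window: rotate its secrets")
```

Every run the second function reports should be treated as having exposed every secret and token available to that job; rotate them rather than relying on log review alone, since a credential stealer does not need to leave traces in the step output.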
Sources
Cite this entry
"KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed March 23, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/kics-github-action-compromised-teampcp-strikes-again-in-supply-chain-attack-1jcbe8
Related incidents
- Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets (contained, critical)
  On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote git tags across multiple Composer packages to distribute malicious payloads that exfiltrate CI secrets. The attack affected laravel-lang/http-statuses, laravel-lang/actions, and laravel-lang/attributes, targeting developers who ran composer update or fresh installations.
  Tags: Other; Account takeover; Malicious commit
- Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem (active, critical)
  A new wave of the Mini Shai-Hulud worm has compromised multiple npm packages across Alibaba's AntV data visualization ecosystem, including echarts-for-react and timeago.js. Stolen CI/CD secrets are being exfiltrated and dumped to thousands of public GitHub repositories as the attack spreads.
  Tags: npm; Other; Compromised package; Account takeover
- The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave (active, critical)
  TeamPCP conducted a multi-ecosystem supply chain compromise targeting the @antv package and associated development infrastructure. The attack leveraged GitHub, NPM, and VSCode to steal credentials and establish persistence mechanisms.
  Tags: npm; Other; Account takeover; Compromised package; Malicious maintainer
- Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope (active, critical)
  The Shai-Hulud worm has hijacked intercom-client@7.0.4 (361,510 weekly downloads) via a compromised GitHub Actions OIDC publishing pipeline, 29 hours after compromising mbt@1.2.48 and @cap-js/sqlite@2.2.2. The worm is actively propagating through CI/CD infrastructure stolen from earlier victims, targeting multi-cloud credentials (AWS, GCP, Azure).
  Tags: npm; Other; Compromised package; Build-system compromise; Account takeover