securityonline.info 7/4/2026, 3:10:40 AM · external

FBI Warns TeamPCP Supply Chain Hack Hits Trivy, KICS Tools

Primary Source ic3.gov

The FBI issued an alert regarding a significant software supply chain attack attributed to the cybercriminal group TeamPCP. The attackers compromised trusted software distribution channels in 2026, injecting malicious code into popular development and security tools, notably targeting Trivy and KICS. This led to credential theft through malware like CanisterWorm and SANDCLOCK, which harvested sensitive data from cloud services and local environments.

The attack poses severe risks to enterprise developers by providing attackers with persistent access to victim environments. To mitigate these threats, organizations are advised to rotate credentials, implement behavioral monitoring, and enforce multi-factor authentication. The FBI emphasizes the need for rapid response to this ongoing threat.


Article by CyberSIXT