Supply Chain Attack Weaponizes Security Tools Against Their Users

TeamPCP compromised Trivy, Checkmarx, and Bitwarden security scanning tools starting March 19, injecting worm-capable malware into CI/CD pipelines. The attack targeted the infrastructure organizations rely on to detect breaches—turning threat detection itself into an attack vector. Attackers maintained access for weeks post-discovery. The malware includes a data wiper targeting Iranian systems.