Tools
Microsoft Publishes Detection and Defense Guidance for Trivy Supply Chain Compromise
Microsoft Security Blog published a comprehensive guide on March 24 for detecting, investigating, and defending against the Trivy supply chain compromise that spawned the LiteLLM and Checkmarx KICS attacks. The guidance covers identifying compromised GitHub Actions runners, auditing CI/CD secret exposure, and detecting TeamPCP's credential-harvesting and Kubernetes lateral movement techniques. This marks the first major vendor defensive playbook for the expanding TeamPCP campaign.
↳ Follow the thread