The Trivy supply-chain compromise that breached the European Commission has metastasized. TeamPCP’s initial access through the compromised vulnerability scanner has now propagated into Checkmarx’s KICS scanner, Checkmarx GitHub Actions, two Open VSX marketplace plugins, and, as of this week, Bitwarden’s CLI. Lapsus$ is handling the extortion side, claiming source code, API keys, and database credentials from Checkmarx. Socket researchers confirmed the Bitwarden CLI compromise independently, expanding the potential blast radius to over 10 million users and 50,000 businesses.
This is the same trust inversion pattern Security Unlocked has been tracking since March: attackers are not bypassing security tools, they are compromising them directly because these tools hold the highest-privilege access in every environment they touch. We flagged the foundational pattern in Trust Is the Attack Surface on March 17, sharpened it in The Mental Model Is the Vulnerability on March 27, and named the operating mechanic in Trust Is the Exploit on April 6. The April 21 deep-dive Defenders Under Siege: How Adversaries Turned Security Tools Into Weapons This Week walked through the original Trivy to European Commission breach in detail. This week’s escalation closes the loop. A vulnerability scanner has credentials to everything it scans. A password manager has credentials to everything, period. TeamPCP understood this from the start; the targeting is not opportunistic, it is architecturally deliberate.
The operational chain now runs: Trivy (February) to KICS and Checkmarx Docker Hub (March 23) to Checkmarx GitHub Actions and Open VSX (March 23) to LiteLLM and Telnyx (March-April) to Bitwarden CLI (late April). Each hop inherits the trust of the compromised tool and extends the blast radius into a new category of downstream dependency.
What to do now
- Audit whether any CI/CD pipeline pulled KICS Docker images or Checkmarx GitHub Actions between March 23 and vendor remediation. Treat affected pipelines as credential-compromised.
- Rotate any secrets that Bitwarden CLI had access to in development or CI environments. The compromise scope is not yet fully defined.
- Treat this as a campaign, not an incident. If your security toolchain includes any open-source scanner or developer tool that pulls dependencies from npm, Docker Hub, or marketplace extensions, verify provenance against vendor advisories for the March-April window.
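The first and third items above are an audit that most teams will want to script rather than eyeball. The following is an added example for this post, not code from the newsletter or from any vendor: it walks a repository's `.github/workflows/` files, reports every reference to an assumed suspect action owner (`checkmarx`) or container image (`checkmarx/kics`), and marks whether each reference is pinned to an immutable commit SHA or image digest. Unpinned references are the ones to compare against the vendor advisory's affected versions for the March 23 onward window; the owner and image names are placeholders to be replaced with the advisory's actual list. The sample workflow embedded at the bottom is constructed for the demonstration.

```python
"""Audit GitHub Actions workflow files for references to a suspect vendor's
actions and container images, and flag mutable (tag/branch) references.

Added example for this post; the vendor names below are assumptions used for
illustration. Take the authoritative list of affected artefacts and the
compromise window from the vendor advisory.
"""
import re
import sys
from pathlib import Path

# Assumed identifiers: an action owner and an image name to look for.
SUSPECT_ACTION_OWNERS = ("checkmarx",)
SUSPECT_IMAGE_NAMES = ("checkmarx/kics",)

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
IMAGE_RE = re.compile(r'^\s*-?\s*image:\s*["\']?([^\s"\'#]+)')
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def _is_suspect_image(image):
    """Strip registry prefix, tag and digest, then compare the bare image name."""
    name = image.partition("@")[0]
    parts = name.split("/")
    parts[-1] = parts[-1].split(":")[0]  # drop the tag, not a registry port
    name = "/".join(parts).lower()
    return any(name == s or name.endswith("/" + s) for s in SUSPECT_IMAGE_NAMES)


def _image_finding(lineno, image):
    return {"line": lineno, "kind": "image", "ref": image,
            "pinned": bool(DIGEST_RE.search(image))}


def audit_workflow(text):
    """Return one finding per suspect reference in a workflow's text.

    A finding counts as pinned only when upstream cannot repoint it: a full
    40-hex commit SHA for an action, a sha256 digest for an image. Tags such
    as @v1 or :latest are mutable, so a compromised vendor account can swap
    their contents without any change appearing in your repository.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith("docker://"):
                image = ref[len("docker://"):]
                if _is_suspect_image(image):
                    findings.append(_image_finding(lineno, image))
            elif not ref.startswith("./"):  # ./ is a local action, not a pull
                path, _, version = ref.partition("@")
                if path.split("/")[0].lower() in SUSPECT_ACTION_OWNERS:
                    findings.append({"line": lineno, "kind": "action", "ref": ref,
                                     "pinned": bool(COMMIT_SHA_RE.match(version))})
            continue
        m = IMAGE_RE.match(line)
        if m and _is_suspect_image(m.group(1)):
            findings.append(_image_finding(lineno, m.group(1)))
    return findings


def unpinned(findings):
    """The subset that must be checked against the advisory's affected versions."""
    return [f for f in findings if not f["pinned"]]


def audit_repo(root):
    """Map each workflow file under root/.github/workflows to its findings."""
    results = {}
    for path in sorted(Path(root).glob(".github/workflows/*.y*ml")):
        found = audit_workflow(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            results[str(path)] = found
    return results


# Constructed sample workflow; the action and image names are assumptions.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  kics:
    runs-on: ubuntu-latest
    container:
      image: checkmarx/kics:latest
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/kics-github-action@v1.7.0
      - uses: checkmarx/kics-github-action@0123456789abcdef0123456789abcdef01234567
      - uses: docker://checkmarx/kics@sha256:0000000000000000000000000000000000000000000000000000000000000000
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    # Usage: python audit_ci.py /path/to/repo   (no argument: audit the sample)
    if len(sys.argv) > 1:
        for file, found in audit_repo(sys.argv[1]).items():
            for f in found:
                print(f"{file}:{f['line']} {f['kind']} {f['ref']} pinned={f['pinned']}")
    else:
        for f in audit_workflow(SAMPLE_WORKFLOW):
            print(f"sample:{f['line']} {f['kind']} {f['ref']} pinned={f['pinned']}")
```

Run against the sample, the script reports four references to the assumed vendor, two of which (`checkmarx/kics:latest` and `@v1.7.0`) are mutable and therefore cannot be cleared without consulting the advisory; the SHA-pinned action and digest-pinned image can be checked directly against the known-good values. Treat any pipeline with an unpinned hit that ran in the window as credential-compromised, as the action list above says.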
The attackers told us what they were doing. On BreachForums, TeamPCP promised to “chain these compromises into devastating follow-on ransomware campaigns.” Five weeks later, Lapsus$ is selling the data. The playbook is executing as advertised.