Cloud
[SC] Supply Chain
TeamPCP Trivy/Aqua Security GitHub Actions Supply Chain Compromise (CVE-2026-33634)
Incident Details
On March 19, 2026, TeamPCP (tracked by Google GTIG as UNC6780) began the first stage of a cascading multi-tool supply chain campaign by exploiting a misconfigured GitHub Actions workflow in Aqua Security’s Trivy open-source vulnerability scanner. The group compromised the aqua-bot service account and force-pushed malicious code to 76 of 77 version tags in aquasecurity/trivy-action and all tags in aquasecurity/setup-trivy. The malicious workflow injected TeamPCP’s three-stage ‘Cloud Stealer’ payload that exfiltrates SSH keys, Git credentials, AWS/GCP/Azure/Kubernetes/Docker secrets, .env files, database credentials, VPN configs, cryptocurrency wallet data, and Slack/Discord webhooks. This initial compromise served as the origin point for a cascading campaign that subsequently compromised Checkmarx KICS (March 21), LiteLLM/PyPI (March 27 — leading to the Mercor breach), Telnyx/PyPI (March 27), and the European Commission AWS environment and Cisco development environment. CISA added CVE-2026-33634 to the KEV catalog. The full downstream impact affected thousands of CI/CD pipelines that used these GitHub Actions.
Technical Details
- Initial Attack Vector: TeamPCP (UNC6780) exploited a misconfigured GitHub Actions workflow in Aqua Security's Trivy vulnerability scanner repository, compromising the aqua-bot service account to execute an imposter commit attack that force-pushed malicious code to 76 of 77 version tags across aquasecurity/trivy-action and aquasecurity/setup-trivy.
- Vendor / Product: Trivy (open-source vulnerability scanner by Aqua Security); GitHub Actions
- Software Package: trivy-action, setup-trivy
- Malware Family: TeamPCP Cloud Stealer
- CVE / GHSA References: CVE-2026-33634
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
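The force-pushed tags described above bit pipelines that resolved the two actions by mutable tag. As an added example, not code from the page or from Aqua Security, the Python check below (workflow text, tag names and the pinned SHA are all constructed) flags every `uses:` reference that is not pinned to a full commit SHA and marks those that point at the affected actions.

```python
import re

# Actions whose version tags were force-pushed in this incident (named on the page).
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Matches "uses: owner/repo[/path]@ref" on its own line or as a "- uses:" list item.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^@'"\s]+)@([^'"\s#]+)""", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the tag names and the SHA are placeholders, not real refs.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Run Trivy
        uses: aquasecurity/trivy-action@example-tag
        with:
          scan-type: fs
      - uses: aquasecurity/setup-trivy@v1-example
      - uses: some-org/other-action@v1
"""


def audit_workflow(text):
    """Return (action, ref, verdict) per `uses:` reference.

    verdict is 'pinned-sha' (immutable), 'mutable-ref' (tag/branch) or
    'mutable-ref-affected' (tag/branch on one of the actions hit in this incident).
    """
    findings = []
    for action, ref in USES_RE.findall(text):
        if action.startswith("./") or action.startswith("docker://"):
            continue  # local and container references carry no git ref to pin
        repo = "/".join(action.split("/")[:2])  # owner/repo, dropping any subpath
        if FULL_SHA_RE.match(ref):
            verdict = "pinned-sha"
        elif repo in AFFECTED_ACTIONS:
            verdict = "mutable-ref-affected"
        else:
            verdict = "mutable-ref"
        findings.append((action, ref, verdict))
    return findings


if __name__ == "__main__":
    for action, ref, verdict in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{verdict:22} {action}@{ref}")
```

A short tag like `v1` is resolved fresh on every run, so the same check applies to any third-party action, not only the two named here.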
Timeline
- 2026-03-19: Breach occurred
- 2026-03-21: Publicly disclosed