[SC] Supply Chain
TeamPCP Checkmarx KICS GitHub Actions Supply Chain Compromise
Incident Details
On March 21, 2026, as the second step in its cascading supply chain campaign, TeamPCP used GitHub Personal Access Tokens (PATs) stolen during the March 19 Trivy/Aqua Security GitHub Actions compromise to target Checkmarx KICS (Keep Infrastructure as Code Secure), a widely used open-source infrastructure-as-code security scanner. The attackers force-pushed malicious commits to all 35 version tags of checkmarx/kics-github-action and poisoned version 2.3.28 of checkmarx/ast-github-action. The injected payload was TeamPCP’s three-stage Cloud Stealer, which subverted the official container entrypoint (setup.sh). The stealer exfiltrated credentials to the typosquat domain checkmarx[.]zone. As a failsafe, if communication with the primary C2 failed, the malware used the victim’s own GITHUB_TOKEN to create a hidden repository named ‘docs-tpcp’ within the victim’s GitHub organization and stored the stolen credentials there. Any CI/CD pipeline that ran kics-github-action or ast-github-action during this window would have had its cloud credentials silently exfiltrated. Checkmarx published a security update and restored clean versions. The incident was part of the TeamPCP multi-target campaign alongside Trivy (March 19), LiteLLM/PyPI (March 27), and Telnyx/PyPI (March 27).
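Because the attackers rewrote existing version tags rather than publishing new ones, a workflow that referenced these actions by tag picked up the payload without any change on the consumer side, while a workflow pinned to a full commit SHA did not. The incident also left two host-side indicators: the fallback repository name and the exfiltration domain. The script below is an added example, not Checkmarx's code or anything from the incident report; it audits workflow text for references to the two affected actions, distinguishes SHA pins from mutable refs, and sweeps repository names and egress log lines for the indicators. The workflow excerpt, repository names, log lines and the tag formats in the sample are constructed, and the function names are this example's own.

```python
"""Audit GitHub Actions workflow text for the two Checkmarx actions named in
the TeamPCP incident and sweep for its secondary indicators.

Added example: regexes, function names and sample data are this example's
own assumptions, not Checkmarx's code or indicators beyond those on the page.
"""
import re

AFFECTED_ACTIONS = {"checkmarx/kics-github-action", "checkmarx/ast-github-action"}
# Only one ast-github-action version was poisoned; every kics-github-action tag was force-pushed.
POISONED_AST_VERSIONS = {"2.3.28"}
# Exfiltration domain from the report, stored defanged and refanged only for matching.
C2_DOMAIN = "checkmarx[.]zone".replace("[.]", ".")
# Repository the stealer creates in the victim org when primary C2 fails.
DROPBOX_REPO = "docs-tpcp"

# Matches `uses: owner/repo@ref` lines, with or without a leading list dash.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)@(\S+)", re.MULTILINE
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (action, ref, finding) for every reference to an affected action.

    A full 40-hex SHA is immutable, so a tag rewrite cannot reach it; any
    other ref resolves at run time to whatever the tag points at today.
    """
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        if action not in AFFECTED_ACTIONS:
            continue
        if FULL_SHA_RE.match(ref):
            findings.append((action, ref, "ok-sha-pinned"))
        elif action == "checkmarx/ast-github-action" and ref.lstrip("v") in POISONED_AST_VERSIONS:
            findings.append((action, ref, "poisoned-version"))
        elif action == "checkmarx/kics-github-action":
            findings.append((action, ref, "mutable-tag-rewritten"))
        else:
            findings.append((action, ref, "mutable-ref"))
    return findings


def find_dropbox_repos(repo_names):
    """Return org repositories whose name matches the stealer's fallback repo."""
    return [name for name in repo_names if name.split("/")[-1].lower() == DROPBOX_REPO]


def find_c2_contacts(log_lines):
    """Return DNS/egress log lines that mention the exfiltration domain."""
    return [line for line in log_lines if C2_DOMAIN in line.lower()]


# Constructed sample inputs (not taken from any real repository or log).
SAMPLE_WORKFLOW = """\
name: iac-scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: KICS scan
        uses: checkmarx/kics-github-action@v2.1.3
      - name: AST scan
        uses: checkmarx/ast-github-action@2.3.28
      - name: Pinned KICS scan
        uses: checkmarx/kics-github-action@0123456789abcdef0123456789abcdef01234567
"""
SAMPLE_REPOS = ["acme/infra", "acme/docs-tpcp", "acme/docs"]
SAMPLE_LOGS = [
    "2026-03-21T10:02:11Z runner-7 dns query checkmarx.zone A",
    "2026-03-21T10:02:12Z runner-7 dns query api.github.com A",
]

if __name__ == "__main__":
    for action, ref, finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{finding:24} {action}@{ref}")
    print("fallback repos:", find_dropbox_repos(SAMPLE_REPOS))
    print("C2 contacts:", find_c2_contacts(SAMPLE_LOGS))
```

The audit reports an `ok-sha-pinned` reference only for a full 40-character SHA; abbreviated SHAs and tags are both treated as mutable, since GitHub resolves an abbreviated SHA to the tag if a tag of that name exists.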
Technical Details
- Initial Attack Vector
  - TeamPCP used GitHub Personal Access Tokens (PATs) stolen during the Trivy compromise to force-push malicious commits to all 35 version tags of the checkmarx/kics-github-action repository and poison version 2.3.28 of checkmarx/ast-github-action
- Vendor / Product
  - Checkmarx KICS (Keep Infrastructure as Code Secure); GitHub Actions
- Software Package
  - kics-github-action, ast-github-action
- Malware Family
  - TeamPCP Cloud Stealer
- Supply Chain Attack
  - ✅ Confirmed third-party / vendor compromise
Timeline
- 2026-03-21 Breach occurred
- 2026-03-21 Publicly disclosed