
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)

ID: 1d8d5af4-2d4f-5e1f-811d-aababb9b187a

STIX ID: report--1d8d5af4-2d4f-5e1f-811d-aababb9b187a

Feed Name: SANS ISC Diary

Threat Score: 90/100

Date Published: 2026-03-26

Date Updated: 2026-04-19

...
...

This update documents the TeamPCP supply-chain campaign that injected credential-stealing malware into Checkmarx's ast-github-action (all 91 tags overwritten) and compromised LiteLLM PyPI releases (malicious versions yanked), confirms active exploitation (CVE-2026-33634 added to CISA KEV), and provides remediation and detection guidance including log searches, version pins, and credential rotation.
