{"id":2157,"date":"2026-03-26T18:05:11","date_gmt":"2026-03-26T18:05:11","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/26\/teampcp-supply-chain-campaign-update-001-checkmarx-scope-wider-than-reported-cisa-kev-entry-and-detection-tools-available-thu-mar-26th\/"},"modified":"2026-03-26T18:05:11","modified_gmt":"2026-03-26T18:05:11","slug":"teampcp-supply-chain-campaign-update-001-checkmarx-scope-wider-than-reported-cisa-kev-entry-and-detection-tools-available-thu-mar-26th","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/26\/teampcp-supply-chain-campaign-update-001-checkmarx-scope-wider-than-reported-cisa-kev-entry-and-detection-tools-available-thu-mar-26th\/","title":{"rendered":"TeamPCP Supply Chain Campaign: Update 001 &#8211; Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)"},"content":{"rendered":"<div>\n<p>This is the first update to the TeamPCP supply chain campaign threat intelligence report,\u00a0<a href=\"https:\/\/www.sans.org\/white-papers\/when-security-scanner-became-weapon\">&#8220;When the Security Scanner Became the Weapon&#8221;<\/a>\u00a0(v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication.<\/p>\n<h2 id=\"checkmarx-ast-github-action-all-91-tags-were-compromised-not-just-v2328\">Checkmarx ast-github-action: All 91 Tags Were Compromised, Not Just v2.3.28<\/h2>\n<p>The most significant new finding since the report&#8217;s publication: the scope of the Checkmarx\u00a0<code>ast-github-action<\/code>\u00a0compromise was substantially larger than publicly reported.<\/p>\n<p>Checkmarx&#8217;s official security advisory stated that &#8220;all older versions have been permanently deleted&#8221; but did not quantify how many tags were affected. 
This ambiguity allowed the security community to anchor on a single confirmed version \u2014 v2.3.28 \u2014 as the extent of the compromise. Sysdig&#8217;s analysis characterized it as &#8220;Checkmarx\/ast-github-action\/2.3.28: (possibly more).&#8221; Even Wiz, which assessed that &#8220;it is likely all tags were impacted,&#8221; only observed the single tag directly.<\/p>\n<p>An independent security researcher who was working this incident firsthand at a Checkmarx customer has now provided primary evidence that\u00a0<strong>all 91 published tags<\/strong>\u00a0were overwritten \u2014 every version from v0.1-alpha through v2.3.32. The evidence is publicly visible in the\u00a0<a href=\"https:\/\/github.com\/Checkmarx\/ast-github-action\/activity\">GitHub activity log<\/a>, which shows 91 tag deletions performed during Checkmarx&#8217;s remediation between 19:09 and 19:16 UTC on March 23, 2026.<\/p>\n<p>Three of the malicious commits are still visible on GitHub:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/Checkmarx\/ast-github-action\/commit\/f1d2a3477e0d8e42a4e7ad15b6fc376cf910e373\">f1d2a3477e0d<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/Checkmarx\/ast-github-action\/commit\/f58de2470825e8ee7c0b3ecc194a948056381003\">f58de2470825<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/Checkmarx\/ast-github-action\/commit\/aa52a82cddf2fa5ad54a519a0a56fd430264dbbe\">aa52a82cddf2<\/a><\/li>\n<\/ul>\n<p>Each malicious commit follows an identical pattern: the legitimate Docker-based\u00a0<code>action.yml<\/code>\u00a0was replaced with a composite action that executes a credential-stealing\u00a0<code>setup.sh<\/code>\u00a0before delegating to the legitimate Checkmarx action at pinned SHA\u00a0<code>327efb5d<\/code>. Each commit was individually crafted with a version-appropriate backdated timestamp and fake commit message (e.g., &#8220;2.0.30: PR #&#8221;). 
The attacker did not reuse a single malicious commit across multiple tags \u2014 they created individual poisoned commits for individual versions.<\/p>\n<p><strong>The impact of this under-reporting is material.<\/strong>\u00a0Organizations that searched their CI\/CD logs only for\u00a0<code>ast-github-action@2.3.28<\/code>\u00a0would have missed compromised runs referencing any of the other 90 poisoned tags. The credential stealer executed regardless of which tag version was referenced.<\/p>\n<p><strong>Recommended action:<\/strong>\u00a0Search your CI\/CD workflow logs for ANY reference to\u00a0<code>checkmarx\/ast-github-action<\/code>\u00a0that executed between 12:58 and 19:16 UTC on March 23, 2026. If found, treat all secrets accessible to that workflow as compromised and rotate immediately. The only safe version is v2.3.33, released during remediation.<\/p>\n<p>For comparison, the companion\u00a0<code>kics-github-action<\/code>\u00a0received accurate &#8220;all 35 tags&#8221; reporting from the outset, largely because\u00a0<a href=\"https:\/\/github.com\/Checkmarx\/kics-github-action\/issues\/152\">GitHub Issue #152<\/a>\u00a0was filed publicly with the title &#8220;Malware injected in all Git Tags.&#8221; No equivalent public issue was filed for\u00a0<code>ast-github-action<\/code>.<\/p>\n<h2 id=\"cisa-adds-cve-2026-33634-to-known-exploited-vulnerabilities-catalog\">CISA Adds CVE-2026-33634 to Known Exploited Vulnerabilities Catalog<\/h2>\n<p>CISA has added\u00a0<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-33634\">CVE-2026-33634<\/a>\u00a0(CVSS 9.4) to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation. Federal agencies are required to remediate by\u00a0<strong>April 3, 2026<\/strong>. 
All organizations using Trivy,\u00a0<code>trivy-action<\/code>, or\u00a0<code>setup-trivy<\/code>\u00a0should verify they are running safe versions:<\/p>\n<ul>\n<li><strong>Trivy binary:<\/strong>\u00a0\u2265 v0.69.2<\/li>\n<li><strong>trivy-action:<\/strong>\u00a0v0.35.0 (or pin to SHA\u00a0<code>57a97c7e7821a5776cebc9bb87c984fa69cba8f1<\/code>)<\/li>\n<li><strong>setup-trivy:<\/strong>\u00a0v0.2.6 (re-released clean)<\/li>\n<\/ul>\n<h2 id=\"pypi-quarantine-lifted-litellm-freezes-all-releases\">PyPI Quarantine Lifted; LiteLLM Freezes All Releases<\/h2>\n<p>PyPI lifted its quarantine of the LiteLLM package on March 25 at 20:15 UTC. Malicious versions 1.82.7 and 1.82.8 have been yanked. However, BerriAI has announced they are\u00a0<a href=\"https:\/\/docs.litellm.ai\/blog\/security-update-march-2026\">pausing all new LiteLLM releases<\/a>\u00a0pending a complete supply chain security review. Google&#8217;s Mandiant has been engaged for forensic analysis. The last known-safe version is v1.82.6.rc.2.<\/p>\n<p>Any installation of LiteLLM v1.82.7 or v1.82.8 should be treated as compromised \u2014 rotate all credentials that were present as environment variables, in configuration files, or in Kubernetes secrets on the affected system.<\/p>\n<h2 id=\"community-detection-tools-now-available\">Community Detection Tools Now Available<\/h2>\n<p>Two community-developed detection tools are now available:<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/github.com\/jthack\/litellm-vuln-detector\">jthack\/litellm-vuln-detector<\/a><\/strong>\u00a0\u2014 Scans for malicious\u00a0<code>.pth<\/code>\u00a0files, persistence backdoors (<code>~\/.config\/sysmon\/sysmon.py<\/code>, systemd user services), exfiltration domains (<code>models.litellm.cloud<\/code>), and attacker Kubernetes pods (<code>node-setup-*<\/code>\u00a0in\u00a0<code>kube-system<\/code>).<\/li>\n<li><strong><a href=\"https:\/\/gist.github.com\/sorrycc\/30a765b9a82d0d8958e756b251828a19\">Community detection 
gist<\/a><\/strong>\u00a0\u2014 Checks for compromised LiteLLM versions and TeamPCP indicators.<\/li>\n<\/ul>\n<p>Run these against your CI\/CD runners, developer workstations, and any systems where LiteLLM was installed during the March 24 exposure window.<\/p>\n<h2 id=\"additional-intelligence\">Additional Intelligence<\/h2>\n<p><strong>TeamPCP Telegram statement:<\/strong>\u00a0The threat actor posted to their Telegram channel: &#8220;These companies were built to protect your supply chains yet they can&#8217;t even protect their own&#8230; we&#8217;re gonna be around for a long time stealing terrabytes [sic] of trade secrets with our new partners.&#8221;\u00a0<a href=\"https:\/\/socket.dev\/blog\/teampcp-targeting-security-tools-across-oss-ecosystem\">Socket.dev<\/a>\u00a0characterizes this as confirmation that TeamPCP is deliberately and systematically targeting security tools as a strategy.<\/p>\n<p><strong>Wiz publishes third analysis:<\/strong>\u00a0Wiz Research published\u00a0<a href=\"https:\/\/www.wiz.io\/blog\/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign\">&#8220;Three&#8217;s a Crowd: TeamPCP Trojanizes LiteLLM&#8221;<\/a>, confirming LiteLLM is present in 36% of cloud environments they monitor. This is the third Wiz blog post covering the campaign arc (Trivy, KICS, LiteLLM).<\/p>\n<p><strong>RSA Conference timing:<\/strong>\u00a0Analysts assess that TeamPCP may have deliberately timed the LiteLLM attack to coincide with RSA Conference, when many security teams had reduced staffing. 
This assessment, reported by\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/4149938\/trivy-supply-chain-breach-compromises-over-1000-saas-environments-lapsus-joins-the-extortion-wave.html\">CSO Online<\/a>, is based on temporal correlation and has not been confirmed by the threat actor or forensic evidence.<\/p>\n<p><strong>Parallel campaign \u2014 ForceMemo:<\/strong>\u00a0<a href=\"https:\/\/www.securityweek.com\/forcememo-python-repositories-compromised-in-glassworm-aftermath\/\">SecurityWeek reports<\/a>\u00a0a separate campaign (&#8220;ForceMemo&#8221;) using credentials stolen via GlassWorm VS Code extensions to force-push malicious code into approximately 150 GitHub Python repositories. This is NOT TeamPCP but demonstrates the breadth of the current supply chain threat landscape.<\/p>\n<h2 id=\"watch-items\">Watch Items<\/h2>\n<ul>\n<li>Named victim breach disclosures \u2014 expected imminently given active extortion<\/li>\n<li>Expansion to RubyGems,\u00a0<a href=\"http:\/\/crates.io\/\">crates.io<\/a>, or Maven Central \u2014 predicted by\u00a0<a href=\"https:\/\/www.endorlabs.com\/learn\/teampcp-isnt-done\">Endor Labs<\/a>\u00a0but not yet confirmed<\/li>\n<li>Aqua Security promised additional findings by end of day March 26<\/li>\n<li>CISA standalone advisory \u2014 KEV entry issued, but no dedicated advisory document yet<\/li>\n<\/ul>\n<p>The full campaign report is available at\u00a0<a href=\"https:\/\/www.sans.org\/white-papers\/when-security-scanner-became-weapon\">sans.org\/white-papers\/when-security-scanner-became-weapon<\/a>. A SANS Emergency Webcast is scheduled at\u00a0<a href=\"https:\/\/www.sans.org\/webcasts\/when-security-scanner-became-weapon\">sans.org\/webcasts\/when-security-scanner-became-weapon<\/a>.<\/p>\n<p> (c) SANS Internet Storm Center. 
https:\/\/isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.<\/p><\/div>\n","protected":false}}