TeamPCP supply chain attacks ๐Ÿฆ , Azure Monitor callback phishing ๐Ÿ“ง, Intune security hardening ๐Ÿ”’

Daily Threat Intel Digest - 2026-03-22

๐Ÿ”ด Critical Threats & Active Exploitation

[NEW] Trivy Supply Chain Compromise Distributes Infostealer via GitHub Actions A widely used vulnerability scanner has become the victim of a sophisticated supply-chain attack, highlighting the risks of trusting automated build pipelines. Threat actors known as TeamPCP (also tracked as DeadCatx3 or ShellForce) compromised credentials for the Trivy projectโ€”likely from a previous, incomplete containment incident in early Marchโ€”to inject malicious code into the official repository and GitHub Actions [BleepingComputer]. The attackers force-pushed 75 out of 76 version tags in the aquasecurity/trivy-action repository, replacing legitimate entry points with a malicious script that functions as an infostealer. This script harvests a wide array of sensitive data, including SSH keys, cloud credentials (AWS, GCP, Azure), database configs, and .env files, before exfiltrating it to a typosquatted command-and-control server at scan.aquasecurtiy[.]org. Organizations that used the affected Trivy release (v0.69.4) or the compromised GitHub Actions tags between roughly March 20 and March 21 should assume their environments are fully compromised and immediately rotate all exposed secrets and tokens [BleepingComputer].

[NEW] TeamPCP Deploys Self-Propagating “CanisterWorm” via NPM The same threat actor behind the Trivy compromise has expanded their operation with a secondary campaign targeting the JavaScript ecosystem. Researchers have linked TeamPCP to a new self-propagating worm, CanisterWorm, which abuses stolen npm authentication tokens to propagate across developer environments [BleepingComputer]. The worm, delivered via a deploy.js payload, enumerates all publishable packages associated with a compromised user, bumps patch versions, and publishes malicious updates to spread the backdoor further. To ensure operational resilience against takedowns, the malware uses a decentralized command-and-control mechanism leveraging Internet Computer (ICP) canisters. This creates a “dead-drop” resolver that provides URLs for additional payloads, requiring a network governance vote to remove [BleepingComputer].

[NEW] Attackers Abuse Azure Monitor for Authenticated Callback Phishing A novel callback phishing campaign is bypassing traditional email security controls by abusing the legitimate Microsoft Azure Monitor service. Attackers are creating Azure Monitor alerts with easily triggered conditionsโ€”such as “invoice paid” or “memory spike”โ€”and injecting phishing text into the alert’s description field [BleepingComputer]. These alerts are configured to email a list under the attacker’s control. Because the emails originate from azure-noreply@microsoft.com and pass SPF, DKIM, and DMARC validation, they appear highly trustworthy to users and security filters alike. The emails mimic billing security notices, urging victims to call a fraudulent support number to resolve a fake charge (e.g., $389.90 for Windows Defender). Security teams should warn users that legitimate Microsoft alerts rarely ask for callback via phone number and should scrutinize any unexpected billing notifications [BleepingComputer].

๐Ÿ“‹ Policy & Industry News

[UPDATE] Microsoft Intune Security Guidance Following Stryker “Kill Switch” Attack In the wake of the destructive Handala attack on Stryker Corporation, which saw 80,000 devices wiped via compromised Intune privileges, Microsoft and the community have released detailed guidance to prevent “living off the land” attacks against endpoint management tools [SOCFortress]. The analysis confirms the attackers gained initial access by compromising an admin account and escalating privileges to create a new Global Administrator, effectively turning the management console into a global kill switch. New defensive recommendations emphasize a shift to “Protected Administration”:

  1. Zero Standing Access: Implement Entra Privileged Identity Management (PIM) and Role-Based Access Control (RBAC) to replace blanket admin rights with time-bound, scope-tagged roles.
  2. Phishing-Resistant Auth: Require FIDO2 security keys and Privileged Admin Workstations (PAWs) for all sensitive Intune operations.
  3. Multi-Admin Approval (MAA): Mandate a “two-key” system for high-impact changes, such as device wipes or script deployments, ensuring no single compromised account can execute catastrophic actions [SOCFortress].

[NEW] Google “Advanced Flow” Targets APK Sideloading Scams Google has announced “Advanced Flow,” a new security mechanism for Android designed to reduce malware infections resulting from sideloading apps from unverified developers [BleepingComputer]. Scheduled for rollout in August 2026, this feature introduces significant friction into the installation process to disrupt social engineering scams that rely on urgency. Power users attempting to sideload APKs must enable Developer Mode, confirm they are not being coached by a third party, restart and re-authenticate their device, and wait 24 hours before confirming the installation intent. This deliberate delay aims to break the psychological manipulation cycle used by scammers who coerce victims into installing malicious software under threats of financial or legal harm [BleepingComputer].