TeamPCP Malware Analysis: PNG Payload, Donut Loader, and AdaptixC2 RAT

June 18, 2026

Introduction

An autonomous bot first exploited a pull_request_target misconfiguration in the AquaSecurity/Trivy scanner GitHub repository to steal an access token. TeamPCP subsequently used the stolen credentials to push malicious commits to the Trivy repository. These commits triggered the automated release pipeline, resulting in the distribution of backdoored binaries. The embedded malware was …