Incident Critical GitHub Actions PyPI The TeamPCP Supply Chain Cascade: How One Compromised Action Poisoned Three Open Source Projects TeamPCP supply chain cascade: Pwn Request on Trivy's CI, 76 force-pushed Actions tags, runner memory scraping, and PyPI wheel injection. Daniel Malvaceda · Apr 1, 2026 · 2 min read