The brothers wiped approximately 96 government databases, including investigative files and FOIA records maintained by several federal agencies.
Organizations are strongly recommended to apply security updates ASAP.
The attackers were able to generate valid SLSA Build Level 3 provenance attestations, making the infected packages appear authentic and cryptographically verified.
TeamPCP gained access to Checkmarx GitHub repositories using credentials stolen during the March Trivy compromise.
Telemetry identified more than 2,000 attacker IP addresses involved in automated exploitation campaigns worldwide.
The Python-based exploit showed several signs of AI generation, including unusually detailed educational docstrings, and a hallucinated CVSS score.
The incident was part of a broader cyber campaign targeting nine federal, state and municipal government agencies across Mexico.
