In a shocking turn of events, TeamPCP, the notorious cybercriminal gang famously known for their interest in calorie-free malware, has once again proven that they have more than two tricks up their sleeves. This time, the cybersecurity club from the Cloud has dusted off their credentials-stealing toolbox and hit Checkmarx where it really hurts: right in their GitHub Actions.

The two beleaguered workflows, ‘checkmarx/ast-github-action’ and ‘checkmarx/kics-github-action’, have been left vulnerable by the action-packed security specialists themselves. Who knew that maintaining cybersecurity could be as challenging as keeping a pet rock alive? TeamPCP did, apparently.

In related news, GitHub is reportedly considering renaming their ‘Actions’ to ‘Inactions’, a move that’s projected to increase platform accuracy by at least 300%. Meanwhile, Checkmarx is still trying to check their marks, caught in a loop of irony so thick, it’s practically malware-proof.