Tag: teampcp

This is the second update to the TeamPCP supply chain campaign threat intelligence report, „When the Security Scanner Became the Weapon“ (v3.0, March 25, 2026). Update 001 covered developments through March 26. This update covers developments from March 26-27, 2026.

This is the first update to the TeamPCP supply chain campaign threat intelligence report, „When the Security Scanner Became the Weapon“ (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication.

As organizations disclose breaches tied to TeamPCP’s supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.

This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon“ (v3.0, March 25, 2026). Update 005 covered developments through April 1, including the first confirmed victim disclosure (Mercor AI), Wiz's post-compromise cloud enumeration findings, DPRK attribution of the axios compromise, and LiteLLM's release resumption after Mandiant's forensic audit. […]

This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, „When the Security Scanner Became the Weapon“ (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and AstraZeneca data release. This update consolidates two days of intelligence through April 1, 2026.

This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon“ (v3.0, March 25, 2026). Update 003 covered developments through March 28, including the first 48-hour pause in new compromises and the campaign's shift to monetization. This update consolidates intelligence from March 28-30, 2026 — two days […]

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. […]

TeamPCP’s Checkmarx GitHub Actions Attack: What You Need to Know A supply chain incident becomes far more dangerous when it stops looking like a single breach and starts behaving like a multiplier. That is what made the TeamPCP campaign stand out in March 2026. The compromise of Checkmarx GitHub Actions and developer tooling became one […]

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx’s KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come.