Untitled
5d ago
Source
infosec.exchangeUntitledinfosec.exchangeThe FBI has released a PSA about TeamPCP, a data extortion group blamed for what's been called the longest running streak of software supply-chain hacks ever. TeamPCP is responsible for a godawful number of popular code packages getting backdoored over the past six months. In the process they've compromised even more repos in a wormlike fashion, including a number of security tools like Trivy/Aqua Security, CheckMarx, and LiteLLM. TeamPCP also recently compromised GitHub, infecting at least 3,800 repositories with credential-stealing malware. ic3.gov/CSA/2026/260702.pdf (PDF) # teampcp
You might also wanna read
TeamPCP supply chain attack hits TanStack
ThreatLocker·12d ago
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
microsoft.com·1mo ago
Hacker uses Trojanized Python and PHP Packages to Steal AWS Keys
Packetlabs·4y ago
Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware
A supply chain attack targeted Red Hat's npm namespace (@redhat-cloud-services), with 96 compromised versions across 32 packages backdoored
Shai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
The Shai-Hulud malware campaign represents the largest and most dangerous npm supply-chain compromise in history, affecting hundreds of pack
Trivy GitHub Actions Compromised in Supply Chain Attack, Exposing CI/CD Secrets
A new supply chain attack targeting Trivy's GitHub Actions has been disclosed, where attackers compromised the security scanner by force-upd

Comments
Sign in to join the conversation.
No comments yet. Be the first.