TeamPCP deploys CanisterWorm on NPM following Trivy compromise
TeamPCP deploys CanisterWorm on NPM following Trivy compromise Category: Vulnerabilities & Threats
Read the full articleYou might also wanna read
Trivy Supply Chain Compromise: What Happened, What Was Stolen, and How to Respond
A consolidated technical reference for the TeamPCP supply chain attack against Aqua Security's Trivy scanner. Covers the full attack chain f
TeamPCP Supply Chain Attack: The npm Worm That Hit GitHub, OpenAI, and Mistral AI
Between May 11 and May 19, 2026, a threat actor called TeamPCP poisoned 170+ npm/PyPI packages, hijacked a VS Code extension with 2.2M insta
Trivy GitHub Actions Compromised in Supply Chain Attack, Exposing CI/CD Secrets
Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

Bun v0.6.3
Introducing `node:vm` support, support for `socket.io` and `mongodb`, `test.todo()`, and many bug fixes for the bundler.
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
On March 24 and 27, 2026, malicious PyPI releases of LiteLLM and Telnyx were published as part of the TeamPCP supply chain campaign. We trac
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories

Comments
Sign in to join the conversation.
No comments yet. Be the first.