TeamPCP

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

Malware & Threats, Mini Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP /

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack 2026-05-20 at 14:21 By Ionut Arghire A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek. This article is an […]

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack Read More »

GitHub Confirms Hack Impacting 3,800 Internal Repositories

Data Breaches, Featured, GitHub, TeamPCP /

GitHub Confirms Hack Impacting 3,800 Internal Repositories 2026-05-20 at 13:02 By Ionut Arghire The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3,800 Internal Repositories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GitHub Confirms Hack Impacting 3,800 Internal Repositories Read More »

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

Malware, Malware & Threats, Shai-Hulud, source code, Supply Chain Security, TeamPCP, worm /

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code 2026-05-15 at 14:32 By Ionut Arghire The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code Read More »

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Featured, Malware & Threats, Mini Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP /

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack 2026-05-12 at 13:20 By Ionut Arghire Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack Read More »

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

Checkmarx, Jenkins, supply chain attack, Supply Chain Security, TeamPCP, Trivy /

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack 2026-05-11 at 13:57 By Ionut Arghire A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack Read More »

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

Malware, Malware & Threats, PCPJack, TeamPCP, worm /

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials 2026-05-08 at 11:32 By Ionut Arghire The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more. The post ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials Read More »

SAP NPM Packages Targeted in Supply Chain Attack

Malware & Threats, NPM, SAP, Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP /

SAP NPM Packages Targeted in Supply Chain Attack 2026-04-30 at 17:35 By Ionut Arghire The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring. The post SAP NPM Packages Targeted in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

SAP NPM Packages Targeted in Supply Chain Attack Read More »

Checkmarx Confirms Data Stolen in Supply Chain Attack

Checkmarx, data breach, Data Breaches, Lapsus$, supply chain attack, TeamPCP /

Checkmarx Confirms Data Stolen in Supply Chain Attack 2026-04-29 at 14:03 By Ionut Arghire The hackers exfiltrated the data from Checkmarx’s GitHub environment on March 30, a week after publishing malicious code. The post Checkmarx Confirms Data Stolen in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Checkmarx Confirms Data Stolen in Supply Chain Attack Read More »

Bitwarden NPM Package Hit in Supply Chain Attack

Bitwarden, NPM, Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP /

Bitwarden NPM Package Hit in Supply Chain Attack 2026-04-24 at 11:27 By Ionut Arghire Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm. The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Bitwarden NPM Package Hit in Supply Chain Attack Read More »

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

data breach, Data Breaches, EU, European Commission, Featured, supply chain attack, TeamPCP, Trivy /

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack 2026-04-04 at 13:31 By Ionut Arghire Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information. The post European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Read More »

Mercor Hit by LiteLLM Supply Chain Attack

AI, data breach, Featured, LiteLLM, Mercor, supply chain attack, Supply Chain Security, TeamPCP /

Mercor Hit by LiteLLM Supply Chain Attack 2026-04-02 at 13:45 By Ionut Arghire The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Mercor Hit by LiteLLM Supply Chain Attack Read More »

TeamPCP Moves From OSS to AWS Environments

Application Security, AWS, cloud security, supply chain attack, TeamPCP /

TeamPCP Moves From OSS to AWS Environments 2026-03-31 at 17:42 By Ionut Arghire After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

TeamPCP Moves From OSS to AWS Environments Read More »

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

Malware & Threats, open source, PyPI, supply chain attack, Supply Chain Security, TeamPCP, Telnyx /

Telnyx Targeted in Growing TeamPCP Supply Chain Attack 2026-03-30 at 14:26 By Ionut Arghire Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Telnyx Targeted in Growing TeamPCP Supply Chain Attack Read More »

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

Application Security, Featured, Lapsus$, Malware & Threats, NPM, OSS, PyPI, supply chain attack, TeamPCP /

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI 2026-03-25 at 14:00 By Ionut Arghire The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Read More »

Scroll to Top