TeamPCP Archives

Malware & Threats

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised maintainer account was used to publish malicious package versions across the @antv namespace.

Ionut ArghireMay 20, 2026

Data Breaches

GitHub Confirms Hack Impacting 3,800 Internal Repositories

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension.

Ionut ArghireMay 20, 2026

Malware & Threats

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards.

Ionut ArghireMay 15, 2026

Malware & Threats

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign.

Ionut ArghireMay 12, 2026

Supply Chain Security

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

A malicious version of the plugin was published to the Jenkins Marketplace late last week.

Ionut ArghireMay 11, 2026

Malware & Threats

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.

Ionut ArghireMay 8, 2026

Malware & Threats

SAP NPM Packages Targeted in Supply Chain Attack

The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.

Ionut ArghireApril 30, 2026

Data Breaches

Checkmarx Confirms Data Stolen in Supply Chain Attack

The hackers exfiltrated the data from Checkmarx’s GitHub environment on March 30, a week after publishing malicious code.

Ionut ArghireApril 29, 2026

Supply Chain Security

Bitwarden NPM Package Hit in Supply Chain Attack

Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm.

Ionut ArghireApril 24, 2026

Data Breaches

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information.

Ionut ArghireApril 4, 2026

Supply Chain Security

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.

Ionut ArghireApril 2, 2026

Application Security

TeamPCP Moves From OSS to AWS Environments

After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.

Ionut ArghireMarch 31, 2026

Malware & Threats

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux.

Ionut ArghireMarch 30, 2026

Application Security

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Ionut ArghireMarch 25, 2026

SECURITYWEEK NETWORK:

ICS:

All posts tagged "TeamPCP"

Malware & Threats

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

Data Breaches

GitHub Confirms Hack Impacting 3,800 Internal Repositories

Malware & Threats

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

Malware & Threats

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Supply Chain Security

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

Malware & Threats

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

Malware & Threats

SAP NPM Packages Targeted in Supply Chain Attack

Data Breaches

Checkmarx Confirms Data Stolen in Supply Chain Attack

Supply Chain Security

Bitwarden NPM Package Hit in Supply Chain Attack

Data Breaches

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Supply Chain Security

Mercor Hit by LiteLLM Supply Chain Attack

Application Security

TeamPCP Moves From OSS to AWS Environments

Malware & Threats

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

Application Security

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

Featured

Artificial Intelligence

Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails

Artificial Intelligence

Will AI Kill the Bug Bounty Industry?

Vulnerabilities

Google Patches 5th Chrome Zero-Day Exploited in 2026

Privacy & Compliance

WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order

Data Breaches

Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse

Supply Chain Security

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

Artificial Intelligence

Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday

Latest News

Vulnerabilities

Microsoft Patches 200 Vulnerabilities

Vulnerabilities

Adobe Patches 123 Vulnerabilities

Vulnerabilities

OpenSSL Patches High-Severity Vulnerability Found With AI

Artificial Intelligence

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation

Application Security

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications

Vulnerabilities

SAP Patches Critical NetWeaver, Commerce Vulnerabilities

Malware & Threats

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Daily Briefing Newsletter