https://www.infosecurity-magazine.com/news/teampcp-exploit-stolen-supply/
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets - Infosecurity Magazine
Apr 3, 2026 - TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm
Popular telnyx package compromised on PyPI by TeamPCP
Mar 27, 2026 - The popular telnyx package on PyPI, used by big AI companies, has been compromised by TeamPCP
https://flare.io/learn/resources/blog/teampcp-cloud-native-ransomware
Threat Alert: TeamPCP, An Emerging Force - Flare
Apr 24, 2026 - TeamPCP (a.k.a. PCPcat, ShellForce, and DeadCatx3) launched a massive campaign in December 2025 targeting cloud native environments as part of a worm-driven...
https://thehackernews.com/2026/03/teampcp-backdoors-litellm-versions.html
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.
https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign | Datadog...
On March 24 and 27, 2026, malicious PyPI releases of LiteLLM and Telnyx were published as part of the TeamPCP supply chain campaign. We trace the full campaign...
https://www.endorlabs.com/learn/teampcp-strikes-again-telnyx-compromised-three-days-after-litellm
TeamPCP Strikes Again: Telnyx Compromised Three Days After LiteLLM | Blog | Endor Labs
https://www.securityweek.com/teampcp-moves-from-oss-to-aws-environments/
TeamPCP Moves From OSS to AWS Environments - SecurityWeek
Apr 1, 2026 - The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS environments.
https://joripress.com/Compromised-Namastex-npm-Packages-Deliver-TeamPCP-Style-CanisterWorm-Malware
Compromised Namastex npm Packages Deliver TeamPCP-Style CanisterWorm Malware - JoriPress
Apr 23, 2026 - cybersecurity, npm, supply‑chain, malware, business risk, DefendMyBusiness
https://thenewstack.io/teampcp-trivy-supply-chain-attack/
How TeamPCP turned Aqua Security's own Trivy scanner into a weapon against millions of developers -...
Apr 13, 2026 - TeamPCP's supply chain attack on Aqua Security's Trivy scanner led to credential theft across npm, PyPI, and GitHub Actions, compromising millions of downloads.
https://thenewstack.io/cicd-pipeline-front-line/
The TeamPCP attacks are a warning: Your CI/CD pipeline is the new front line - The New Stack
TeamPCP attacks show CI/CD pipelines are the new security front line. Dan Lorenc shares how to fix flawed supply chain trust assumptions.
https://www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks - Help Net Security
Mar 27, 2026 - A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP cybercriminals.
https://www.ox.security/blog/teampcps-telnyx-windows-malware-technical-analysis/
TeamPCP's Telnyx Windows Malware: Technical Analysis | OX Security
OX Security analyzes TeamPCP’s Telnyx malware—multi-stage payloads, steganography, C2 comms, and credential theft impacting Windows systems.
https://nefariousplan.com/posts/teampcp-they-came-for-the-scanners
TeamPCP Came for the Scanners · nefariousplan.com
Apr 26, 2026 - Your CI pipeline runs Trivy. It scans containers, scans IaC, flags vulnerable dependencies. It's the canary. It's trusted. It runs early in the pipeline with...
https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Worm-driven TeamPCP campaign exploits Docker, Kubernetes, Redis, Ray, and React2Shell to build proxy infrastructure for data theft and ransomware.
https://www.infosecurity-magazine.com/news/teampcp-litellm-pypi-supply-chain/
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise - Infosecurity Magazine
Apr 9, 2026 - Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
https://ramimac.me/teampcp/
Incident Timeline // TeamPCP Supply Chain Campaign
Apr 7, 2026 - Timeline and IOCs for TeamPCP's March 2026 supply chain campaign. Trivy, KICS, LiteLLM, and 45+ npm packages compromised through chained credential theft.
https://www.sans.org/white-papers/when-security-scanner-became-weapon
When the Security Scanner Became the Weapon: TeamPCP Supply Chain TTP Report | SANS Institute
Download the TeamPCP threat intelligence report. Analyze a real-world supply chain attack across CI/CD, cloud, and AI systems with TTPs, IOCs, and actionable...
https://krebsonsecurity.com/tag/teampcp/
TeamPCP – Krebs on Security
https://www.sans.org/blog/when-security-scanner-became-weapon-inside-teampcp-supply-chain-campaign
When the Security Scanner Became the Weapon: Inside the TeamPCP Supply Chain Campaign | SANS...
Mar 26, 2026 - A trusted security scanner was weaponized. One stolen token cascaded across five ecosystems—CI/CD, npm, Docker, and AI infrastructure. The TeamPCP campaign...
https://therecord.media/european-commission-cyberattack-teampcp
EU cyber agency attributes major data breach to TeamPCP hacking group | The Record from Recorded...
Apr 3, 2026 - The European Union’s cybersecurity agency said the hacking group TeamPCP was behind a massive recent data breach at the European Commission.
https://research.jfrog.com/post/team-pcp-strikes-again-telnyx-popular-library-hit/
TeamPCP strikes again - telnyx popular PyPI library compromised - JFrog Security Research
On March 27th, the telnyx popular PyPI library was compromised. New versions of telnyx were uploaded to PyPI, 4.87.1 and 4.87.2. Both contain malicious...
https://www.numerama.com/cyberguerre/2217675-cinq-jours-pour-infiltrer-trois-heures-pour-tout-voler-comment-des-hackers-ont-piege-des-millions-de-developpeurs-ia.html
LiteLLM cyberattack: millions of Python developers trapped by TeamPCP - Numerama
Mar 25, 2026 - In a blog post published on March 24, 2026, researchers from the cybersecurity company Snyk look back at the course of an attack carried out against the...
https://phoenix.security/teampcp-litellm-supply-chain-compromise-pypi-credential-stealer-kubernetes/
LiteLLM Backdoored by TeamPCP: PyPI Supply Chain Attack (2026)
Mar 30, 2026 - TeamPCP backdoored LiteLLM v1.82.7 and v1.82.8 on PyPI with a credential stealer, K8s lateral movement, and persistent backdoor. Full IOCs, detection, and...
https://hashnode.com/posts/teampcp-european-commission-breach-30-eu-entities-compromised/69cfc7da62738eee3c579c94
Discussion on "TeamPCP European Commission Breach: 30 EU Entities Compromised" | Hashnode