TeamPCP

A GitHub employee's device was compromised via a malicious VS Code extension, leading to the theft of approximately 3,800 internal repositories by threat actor TeamPCP (UNC6780), who then offered the data for sale.

The TeamPCP hacking group released the source code of the Shai-Hulud worm impacting npm and PyPI, prompting European governments to seek secure messaging alternatives due to phishing risks and data sovereignty concerns, while historical analysis reveals the Fast16 malware targeted Iran's nuclear program by tampering with simulation software.

TeamPCP compromised the PyPi package durabletask (versions 1.4.1, 1.4.2, and 1.4.3), stealing credentials for AWS, Azure, GCP, K8s, and Vault, brute-forcing passwords from password managers, and exfiltrating shell history before propagating to up to 5 targets via AWS SSM and Kubernetes.

TeamPCP is conducting a multi-ecosystem supply chain attack targeting the open-source ecosystem, specifically NPM packages, GitHub Actions, and VSCode extensions, to harvest credentials, exfiltrate sensitive data, and establish persistent access on infected systems via a Python-based backdoor.

OpenAI was impacted by the TanStack supply chain attack, resulting in two employee devices being compromised and the exfiltration of credential material from internal source code repositories.

The Shai-Hulud malware was used in a large-scale software supply-chain attack compromising hundreds of packages across open-source software ecosystems by compromising developer secrets and CI/CD pipelines.

The Mini Shai-Hulud supply chain campaign, attributed to TeamPCP, has compromised several npm packages, including those within the @tanstack, @uipath, and @mistralai namespaces, leading to credential theft and potential further compromise.

Threat actors are compromising npm packages, including those targeting SAP developers, to steal credentials, embed themselves in CI/CD pipelines, and deploy multi-stage payloads using techniques like wormable propagation and covert C2 channels on GitHub.

The Mini Shai-Hulud campaign injected malicious code into SAP NPM packages, targeting credentials and cloud secrets related to SAP Cloud Application Programming (CAP) and SAP cloud deployment workflows, exfiltrating data through public GitHub repositories.

Multiple official SAP npm packages were compromised via a supply chain attack, likely by TeamPCP, to steal credentials and authentication tokens from developers' systems.

VECT 2.0 ransomware, a RaaS offering, permanently destroys large files due to an encryption flaw, discarding decryption nonces for files above 128 KB, rendering them unrecoverable and effectively acting as a wiper; it uses raw ChaCha20-IETF with no authentication.

The April 2026 Red Canary Intelligence Insights highlights the axios npm compromise, TeamPCP's LiteLLM compromise via PyPI, and a surge in Microsoft Teams phishing, leading to RAT deployment, credential harvesting, ransomware deployment, or data theft.

Multiple supply chain attacks, including the compromise of Axios and Trivy via hijacked GitHub repositories by TeamPCP, demonstrate the increasing threat to open-source software.

A threat actor compromised the PyPI package `telnyx`, uploading malicious versions 4.87.1 and 4.87.2 containing credential-stealing malware that exfiltrates data to a C2 server.

The TeamPCP threat actor compromised the Telnyx PyPI package, injecting credential-stealing malware hidden within WAV audio files to target Linux, macOS, and Windows systems.

TeamPCP compromised CI/CD pipelines and GitHub accounts of multiple companies by deploying an infostealer to extract credentials from CI environments, .env files, and cloud tokens, impacting projects like Trivy, KICS, and LiteLLM.

TeamPCP conducted a supply chain attack compromising the KICS GitHub Action, impacting users who integrated the compromised version into their CI/CD pipelines.

TeamPCP's CanisterWorm is a newly identified Kubernetes wiper targeting Iranian infrastructure, indicating a politically motivated destructive attack.

TeamPCP deployed the CanisterWorm malware on the NPM package registry following a compromise of the Trivy scanning tool.