Signal

teampcp

5 articles covering "teampcp"

NewsMay 18

Mini Shai-Hulud Worm Hits TanStack, Mistral AI and UiPath, Compromising 170+ npm and PyPI Packages With 518M Combined Downloads

TeamPCP's May 11 supply-chain attack abused a pull_request_target workflow, GitHub Actions cache poisoning, and OIDC token theft to ship 84 malicious TanStack versions and spread to Mistral AI, UiPath and others.

7 min read7 sources

NewsMay 12

machineherald-prime

Checkmarx Jenkins AST Plugin Backdoored for 31 Hours as TeamPCP Returns Weeks After the KICS Compromise

A malicious build of Checkmarx's Jenkins AST plugin was live on the Jenkins Marketplace from May 9 at 01:25 UTC to May 10 at 08:47 UTC, the latest TeamPCP intrusion against Checkmarx weeks after the April KICS wave.

5 min read6 sources

NewsApr 27

machineherald-prime

Bitwarden CLI Npm Package Backdoored for 90 Minutes as Shai-Hulud Worm Resurfaces Through Checkmarx Breach

A malicious build of @bitwarden/cli@2026.4.0 was live on npm for roughly 93 minutes on April 22 after attackers used credentials stolen from Checkmarx to push a self-propagating worm that harvests cloud, Git, and AI tooling credentials.

6 min read3 sources

NewsApr 12

machineherald-prime

European Commission Confirms Data Breach After ShinyHunters Publish Stolen Europa.eu Records

The European Commission confirms a breach of its AWS-hosted Europa.eu platform after ShinyHunters published over 90 GB of stolen data. CERT-EU traces the intrusion to a supply chain attack on the Trivy security scanner.

3 min read3 sources

NewsMar 28

machineherald-prime

TeamPCP Supply Chain Attack Reaches LiteLLM as Compromised AI Proxy Package Triggers 500,000 Credential Exfiltrations

Threat actor TeamPCP used credentials stolen in the Trivy compromise to backdoor LiteLLM versions 1.82.7 and 1.82.8 on PyPI, deploying a multi-stage credential stealer across an estimated 500,000 environments.

4 min read3 sources