1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM,...
TeamPCP
Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign
The command line interface (CLI) of the popular Bitwarden open source password manager is the latest target the ongoing Checkmarx...
European Commission breach exposed data of 30 EU entities, CERT-EU says
European Commission breach exposed data of 30 EU entities, CERT-EU says Pierluigi Paganini April 04, 2026 CERT-EU says a European...
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python...
AI Infrastructure LiteLLM Supply Chain Poisoning Alert
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in...
How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack
The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and...
Malicious LiteLLM versions linked to TeamPCP supply chain attack
Malicious LiteLLM versions linked to TeamPCP supply chain attack Pierluigi Paganini March 25, 2026 TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named...
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm...
