TeamPCP

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

AndyC 13 May 2026

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and...

ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts

1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP

AndyC 3 May 2026

What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM,...

[un]prompted 2026 – Breaking The Lethal Trifecta (Without Ruining Your Agents)

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

AndyC 24 April 2026

The command line interface (CLI) of the popular Bitwarden open source password manager is the latest target the ongoing Checkmarx...

European Commission breach exposed data of 30 EU entities, CERT-EU says

AndyC 5 April 2026

European Commission breach exposed data of 30 EU entities, CERT-EU says Pierluigi Paganini April 04, 2026 CERT-EU says a European...

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

AndyC 28 March 2026

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python...

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

AndyC 27 March 2026

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in...

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

AndyC 26 March 2026

The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and...

Malicious LiteLLM versions linked to TeamPCP supply chain attack

AndyC 26 March 2026

Malicious LiteLLM versions linked to TeamPCP supply chain attack Pierluigi Paganini March 25, 2026 TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

AndyC 25 March 2026

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

AndyC 24 March 2026

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm...

TeamPCP

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP

European Commission breach exposed data of 30 EU entities, CERT-EU says

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

Malicious LiteLLM versions linked to TeamPCP supply chain attack

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

Protecting legacy OT systems against modern cyberthreats

Lessons for life: Why children’s data is a long-term identity risk

This month in security with Tony Anscombe – May 2026 edition

ESET APT Activity Report Q4 2025–Q1 2026

What to consider before asking an AI chatbot for health advice

BTMOB: A stealthy RAT burrowing deep into Android devices

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed