The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation

In this post we break down the technical mechanics of TeamPCP’s recent campaign, the impact on the developer ecosystem, and the urgent steps needed to secure software supply chains. The post The ...

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

What happened: TeamPCP’s Mini Shai-Hulud supply chain campaign has expanded again, with over 320 npm packages compromised through a hijacked maintainer account in the @antv namespace. The compromised account, atoll, also publishes ...
Microsoft Windows malware software supply chain

Google Detects AI-Created Exploit, Thwarts ‘Mass Exploitation Operation’

Google threat researchers detected what is believed to be the first documented instance of a zero-day exploit that was generated by an AI model that was created by a group of threat ...
Security Boulevard

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

A compromise of the popular Bitwarden password manager is linked to the ongoing Checkmarx supply chain campaign, with a bad actor injecting malicious code in a version of its CLI. However, while there ...

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

Overview: Recently, NSFOCUS Technology CERT detected that the GitHub community had disclosed a credential-stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain ...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected ...