TeamPCP cloud-native exploitation campaign
Campaign
Summary
Hide ▲
Show ▼
TeamPCP is a cloud-native supply-chain campaign that abuses exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell (CVE-2025-55182) to seed malicious infrastructure for follow-on abuse. The latest reporting adds a compromised PyPI package, LiteLLM, where versions 1.82.7 and 1.82.8 carried credential-stealing malware that could run on import or when any Python process started, then steal secrets, spread across Kubernetes environments, and install persistent backdoors. The broader campaign also includes malicious Trivy Docker Hub images and the March 22, 2026 defacement of 44 Aqua Security repositories in the aquasec-com GitHub organization.
Related Happenings
Amazon Q Developer MCP trust flaw (CVE-2026-12957)
Vulnerability
H score32
First: 26.06.2026 16:53
Last: 26.06.2026 16:53
Sources 1
About this happening:
**Amazon Q Developer** had a **high-severity** trust-boundary flaw in **MCP server** handling that could let a malicious repository trigger commands on a developer machine and ste...
Amazon Q Developer MCP trust flaw (CVE-2026-12957)
VulnerabilityAbout this happening: **Amazon Q Developer** had a **high-severity** trust-boundary flaw in **MCP server** handling that could let a malicious repository trigger commands on a developer machine and ste...
AWS Continuum launches AI-powered vulnerability management lifecycle platform
Security Tool/Service
H score14
First: 19.06.2026 14:00
Last: 19.06.2026 14:00
Sources 1
About this happening:
**AWS Continuum** launched in **gated preview** as a new **AI-powered vulnerability management platform** for AWS environments, expanding security teams’ ability to manage code fl...
AWS Continuum launches AI-powered vulnerability management lifecycle platform
Security Tool/ServiceAbout this happening: **AWS Continuum** launched in **gated preview** as a new **AI-powered vulnerability management platform** for AWS environments, expanding security teams’ ability to manage code fl...
Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw
Vulnerability
H score1
First: 16.06.2026 22:05
Last: 16.06.2026 22:05
Sources 1
About this happening:
**Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...
Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw
VulnerabilityAbout this happening: **Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...
Shai-Hulud worm clone activity on NPM
Malware Activity
H score69
First: 18.05.2026 12:45
Last: 18.05.2026 12:45
Sources 1
About this happening:
The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Shai-Hulud worm clone activity on NPM
Malware ActivityAbout this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Node-ipc malicious versions with stealer/backdoor payload
Malware Activity
H score34
First: 14.05.2026 20:22
Last: 14.05.2026 20:22
Sources 1
About this happening:
Three **node-ipc** releases now carry an **obfuscated stealer/backdoor** that can harvest **developer and cloud secrets** from any system that loads the package. The malicious cod...
Node-ipc malicious versions with stealer/backdoor payload
Malware ActivityAbout this happening: Three **node-ipc** releases now carry an **obfuscated stealer/backdoor** that can harvest **developer and cloud secrets** from any system that loads the package. The malicious cod...
Timeline
-
23.03.2026 10:31 2 articles · 3mo ago
TeamPCP malicious Trivy Docker Hub images and Aqua Security repo defacement
Campaign Scope UpdateResearchers uncovered malicious Trivy Docker Hub image tags 0.69.4, 0.69.5, and 0.69.6 tied to TeamPCP; 0.69.5 and 0.69.6 were pushed on March 22 without corresponding GitHub releases or tags. The same reporting says TeamPCP used a compromised service account token to deface all 44 internal repositories in Aqua Security's aquasec-com GitHub organization by renaming them with the tpcp-docs- prefix and exposing them publicly.
Show sources
- Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper — thehackernews.com — 23.03.2026 10:31
- TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise — www.infosecurity-magazine.com — 25.03.2026 14:00
-
09.02.2026 10:37 1 articles · 5mo ago
TeamPCP worm-driven cloud-native exploitation
Exploitation ObservedAround December 25, 2025, TeamPCP used a worm-driven campaign against cloud native environments, abusing exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell (CVE-2025-55182) to seed malicious infrastructure for follow-on exploitation, including scanning, proxying, persistence, data theft, extortion, and cryptocurrency mining.
Show sources
- TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure — thehackernews.com — 09.02.2026 10:37
-
09.02.2026 10:37 2 articles · 5mo ago
TeamPCP campaign analysis and attribution
Technical Analysis UpdateOn February 9, 2026, researchers attributed the cloud-native cybercrime platform to TeamPCP (aka DeadCatx3, PCPcat, PersyPCP, and ShellForce) and described tooling that leveraged misconfigured Docker APIs, Kubernetes APIs, Ray dashboards, Redis servers, and vulnerable React/Next.js applications to automate exploitation, tunneling, C2 relays, credential harvesting, and malicious container deployment across AWS and Microsoft Azure environments.
Show sources
- TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure — thehackernews.com — 09.02.2026 10:37
- TeamPCP Turns Cloud Infrastructure into Crime Bots — www.darkreading.com — 09.02.2026 23:14