Find notable cyber news and cases, enriched with sources, timelines, and signals.

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
First reported
Last updated
Happening score
H score 11
2 unique sources, 2 articles

Summary

Hide ▲

TeamPCP and Vect ransomware group are linking supply-chain compromises to follow-on ransomware campaigns, broadening extortion risk for affected organizations. The shift matters because stolen access and secrets can now be reused as part of a coordinated monetization path. It also signals a more mature affiliate-style ransomware ecosystem around developer-tool compromises.

Related Happenings

Pink new extortion brand within The Com

Threat Actor Meta
H score30 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

About this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...

Qilin consolidates into dominant RaaS position as ransomware market reconcentrates

Threat Actor Meta
H score39 First: 03.07.2026 16:00 Last: 03.07.2026 16:00 Sources 1

About this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...

Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance

Threat Actor Meta
H score67 First: 03.07.2026 14:30 Last: 03.07.2026 14:30 Sources 1

About this happening: **Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...

Ghost Networks crypto-clipper promotion campaign

Campaign
H score15 First: 17.06.2026 21:14 Last: 17.06.2026 21:14 Sources 1

About this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...

The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth

Threat Actor Meta
H score26 First: 10.06.2026 17:03 Last: 10.06.2026 17:03 Sources 1

About this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...

Timeline

  1. 31.03.2026 15:15 2 articles · 3mo ago

    TeamPCP monetizes stolen secrets and aligns with extortion groups

    Initial Disclosure

    Wiz reported that TeamPCP was exploring ways to monetize stolen supply-chain secrets, including cloud credentials, SSH keys, Kubernetes configuration files, and other coding process secrets, while validating, encrypting, and exfiltrating them to attacker-controlled domains. Wiz also said TeamPCP was explicitly collaborating with Lapsus$ and that the activity reflected a broader convergence between supply-chain attackers and extortion-focused ransomware operations.

    Show sources