Find notable cyber news and cases, enriched with sources, timelines, and signals.

TeamPCP supply-chain ecosystem shift and extortion partnerships

Threat Actor Meta
First reported
Last updated
Happening score
H score 15
1 unique sources, 1 articles

Summary

Hide ▲

TeamPCP has expanded its supply-chain abuse model across open-source ecosystems, raising the risk of downstream compromise and extortion at scale. The group has corrupted hundreds of open-source tools and linked its activity to BreachForums, LAPSUS$, and VECT. The shift matters because one upstream compromise can now cascade through multiple developer ecosystems.

Related Happenings

Miasma self-replicating supply chain attack campaign targeting open-source repositories

Campaign
H score83 First: 06.06.2026 09:58 Last: 06.06.2026 09:58 Sources 1

About this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...

Megalodon GitHub CI/CD supply-chain campaign

Campaign
H score50 First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

How related: Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window.

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

TeamPCP opens its offensive framework to copycat supply-chain attackers

Threat Actor Meta
H score60 First: 19.05.2026 07:54 Last: 19.05.2026 07:54 Sources 1

About this happening: **TeamPCP** has started distributing its **offensive framework source code**, turning a single supply-chain operation into reusable tradecraft that other threat actors can adopt....

TeamPCP uses Shai-Hulud release to build access-broker monetization pipeline

Threat Actor Meta
H score16 First: 18.05.2026 22:53 Last: 18.05.2026 22:53 Sources 1

About this happening: **TeamPCP** is being framed as using the **Shai-Hulud** source-code release to drive an **access broker** business, turning worm distribution into a credential-monetization pipeli...

TeamPCP Mini Shai-Hulud npm supply-chain campaign

Campaign
H score75 First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **TeamPCP**-linked **Mini Shai-Hulud** campaign is an active **npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread tro...

Timeline

  1. 22.05.2026 14:55 2 articles · 1mo ago

    TeamPCP expands supply-chain abuse across open-source ecosystems

    Campaign Scope Update

    TeamPCP has weaponized the interlinked software supply chain to corrupt hundreds of open-source tools across several ecosystems, with activity associated with BreachForums, LAPSUS$, and VECT and with extortion for profit in some cases. The group’s reported behavior also includes worm-like propagation through popular open-source projects, raising the downstream risk for repository owners, maintainers, and developers.

    Show sources