How software development’s speed obsession enabled TeamPCP’s chaos crusade
ID: ea10c1d2-810d-5268-9d67-88e522a85af9
STIX ID: report--ea10c1d2-810d-5268-9d67-88e522a85af9
Feed Name: CyberScoop
Threat Score
TeamPCP is running a high-tempo software supply-chain campaign that injects credential-stealing malware and a self-replicating worm into open-source packages and CI/CD workflows across npm, PyPI, GitHub and other registries, compromising hundreds to thousands of packages (claimed ~500M weekly downloads) to harvest cloud and Kubernetes credentials and propagate further; defenders struggle with rapid automated deployments, unreleased secret rotation, and frequent re-infections.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
