May 2026: TeamPCP’s Supply Chain Blitz Hits Checkmarx, GitHub, and npm
ID: d3475954-9706-5973-994f-4f590c416f54
STIX ID: report--d3475954-9706-5973-994f-4f590c416f54
Feed Name: SOCRadar Blog
May 2026 featured parallel, high-impact operations: ShinyHunters exploited low-friction teacher accounts and vishing to exfiltrate and publish hundreds of millions of records from Instructure and Charter, while TeamPCP executed supply-chain compromises—backdooring a Checkmarx Jenkins plugin (CVE-2026-33634), poisoning an Nx Console VS Code extension (CVE-2026-48027) to clone ~3,800 internal GitHub repositories, and deploying a Mini Shai-Hulud worm that pushed 639 malicious npm package versions to harvest developer secrets and self-propagate—resulting in active, large-scale credential theft and persistent access across major developer ecosystems.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
