logo

May 2026: TeamPCP’s Supply Chain Blitz Hits Checkmarx, GitHub, and npm

ID: d3475954-9706-5973-994f-4f590c416f54

STIX ID: report--d3475954-9706-5973-994f-4f590c416f54

Feed Name: SOCRadar Blog

Threat Score
90/100

Date Published: 2026-06-16

Date Updated: 2026-06-17

Author: Ameer Owda

...
...

May 2026 featured parallel, high-impact operations: ShinyHunters exploited low-friction teacher accounts and vishing to exfiltrate and publish hundreds of millions of records from Instructure and Charter, while TeamPCP executed supply-chain compromises—backdooring a Checkmarx Jenkins plugin (CVE-2026-33634), poisoning an Nx Console VS Code extension (CVE-2026-48027) to clone ~3,800 internal GitHub repositories, and deploying a Mini Shai-Hulud worm that pushed 639 malicious npm package versions to harvest developer secrets and self-propagate—resulting in active, large-scale credential theft and persistent access across major developer ecosystems.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.