The TeamPCP supply chain attack evolves
ID: 0309fa44-bbee-59d4-8771-04f653a3f0db
STIX ID: report--0309fa44-bbee-59d4-8771-04f653a3f0db
Feed Name: ReversingLabs Blog
Executive summary: Researchers report an active TeamPCP supply-chain campaign that compromised developer tooling and PyPI packages (including LiteLLM and telnyx) by abusing GitHub Actions, stolen credentials, and compromised accounts. Malicious payloads (infostealers and backdoors) were published to repositories and package registries to harvest cloud secrets, tokens, and wallet data. Observed C2 infrastructure includes, e.g., models.litellm.cloud, checkmarx.zone, and IP 83.142.209.203, and there is evidence of runner execution and persistence.
