TeamPCP
-
GitHub investigates claim of internal repository theft after TeamPCP listing
GitHub said it is investigating unauthorized access to internal repositories after TeamPCP claimed it was selling source code and internal data. The company said it has no evidence of customer impact outside internal repositories.
-
Checkmarx says modified Jenkins plugin was published in supply chain attack
Checkmarx said a modified Jenkins AST plugin was published to the Jenkins Marketplace and warned users to stay on an older safe version. The incident is the latest attack linked to TeamPCP in a broader supply chain campaign.
-
PCPJack credential stealer targets cloud systems and removes TeamPCP traces
Researchers said PCPJack is a new cloud-focused credential stealer that targets exposed services, removes TeamPCP-related artifacts and uses multiple exploits to spread across compromised environments.
-
CanisterWorm self propagates in npm after Trivy supply chain compromise
A self propagating worm called CanisterWorm followed a Trivy supply chain compromise to infect 47 npm packages. The worm uses an ICP canister dead drop and stolen npm tokens to publish malicious package versions.
-
Worm-driven TeamPCP campaign compromises cloud native infrastructure at scale
A worm-driven campaign by TeamPCP exploited exposed Docker, Kubernetes, Ray and React vulnerabilities around Dec 25, 2025 to build proxy and scanning infrastructure for data theft, extortion and cryptocurrency mining, researchers report.
