TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks
TeamPCP and BreachForums launch $1,000 contest rewarding supply chain attacks on open source packages.
Summary
TeamPCP, in collaboration with BreachForums, announced a competition offering $1,000 USD in Monero to attackers who successfully compromise open source packages using their Shai-Hulud attack tool. Winners are determined by download counts of compromised packages, incentivizing both high-impact single targets and broad ecosystem compromise. The contest functions as a recruitment mechanism for lower-tier threat actors, with the prize amount negligible compared to the value of credentials stolen from CI/CD pipelines and enterprise environments.
Indicators of Compromise
- malware — Shai-Hulud