[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRPkzScm_taLoZFvMfMxkgcB3MmAgS5XnX0VkYslXGu8":3},{"article":4,"iocs":54},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"49be262e-42e8-4a01-86c9-b1df7e1fd541","TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks","teampcp-and-breachforums-launch-1-000-contest-for-supply-chain-attacks-0f2fdb","After months of targeting security tools, CI\u002FCD workflows, and open source packages, TeamPCP is now promoting Shai-Hulud as required tooling for a competition that rewards the biggest compromise with a tiny crypto payout. According to Dark Web Informer, the competition was announced on BreachForums by an account identified as the forum’s owner, in collaboration with TeamPCP. Participants are being offered $1,000 USD in Monero to compromise open source packages with Shai-Hulud, along with the usual cybercrime forum currency of reputation and bragging rights. Source: Dark Web Informer The post says participants must use Shai-Hulud in their attacks, submit their forum handle or Breached profile, and provide “reasonable proof” of access. The winner will be determined by weekly and monthly download counts for the compromised packages. Smaller package compromises can also be combined toward the total, turning package reach into the scoreboard. Under that scoring system, a high-download package is the obvious prize. But a pile of smaller compromises can also count, giving participants a reason to go broad across the ecosystem instead of only chasing a single marquee target. The rule rewards a worm that devours indiscriminately. Source: Dark Web Informer The prize, however, is almost comically small for the kind of access TeamPCP is asking participants to burn. 
A successful supply chain compromise can expose CI\u002FCD secrets, cloud credentials, maintainer tokens, source code access, and downstream enterprise environments. That access is worth far more than $1,000 to actors who know how to monetize it. The contest essentially functions as a public recruitment stunt, turning supply chain compromise into a leaderboard for lower-tier actors willing to trade risk for recognition.\n\nOpen Source Malware for Open Source Attacks\n\nTeamPCP, never ones to miss a punchline, also released Shai-Hulud as open source attack tooling, hosted on the Breached CDN. A GitHub-hosted copy circulated before being taken down, according to users tracking the repository on X. TeamPCP has been systematically targeting security tools and critical open source infrastructure. In forum posts, the group has called out security vendors directly: “These companies were built to protect your supply chains yet they can't even protect their own, the state of modern security research is a joke, as a result we're gonna be around for a long time stealing terabytes of trade secrets with our new partners.” Socket has been tracking TeamPCP’s activity across security tools, CI\u002FCD workflows, GitHub Actions, Docker images, OpenVSX extensions, npm, PyPI, and Packagist. The group frequently targets tools that already run inside developer and enterprise environments, then uses that access to harvest credentials for follow-on attacks.\n\nRecruiting Around Stolen Access\n\nIt is possible that a $1,000 prize will not motivate skilled operators to burn high-value access. The amount is negligible compared to the value of credentials stolen from CI\u002FCD pipelines, cloud environments, maintainer accounts, and enterprise developer tooling. TeamPCP has become one of the more successful access-broker operations in recent supply chain activity because it focuses on compromising tools that already have privileged access built in. 
That is why these incidents keep producing downstream victims. Vect announced its TeamPCP partnership on BreachForums less than seven weeks ago, though in supply chain attack time it already feels like 84 years. Since then, ransomware and extortion claims tied to the broader TeamPCP credential-theft fallout have touched AI training data, AI model development, property management technology, manufacturing, sports data infrastructure, and government cloud platforms, with other alleged claims spanning pharmaceuticals, financial data services, and major enterprise tech. Reporting has also pointed to overlapping claims from Vect, ShinyHunters, and Lapsus$, making attribution messy even when the credential-theft pipeline traces back to the same supply chain activity. The contest extends that pipeline outward. TeamPCP has already been positioning supply chain compromise as a way to harvest credentials, expose enterprise environments, and hand access to groups that know how to monetize it. Now it is giving forum users an open source worm, a scoring system, and a reason to rack up compromises. A $1,000 prize may not bring in serious operators. It can still bring in reckless ones. For maintainers and security teams already tired of the constant stream of open source supply chain attacks, the contest adds another weight they did not need: a public incentive for copycat attempts against package ecosystems.","TeamPCP, in collaboration with BreachForums, announced a competition offering $1,000 USD in Monero to attackers who successfully compromise open source packages using their Shai-Hulud attack tool. Winners are determined by download counts of compromised packages, incentivizing both high-impact single targets and broad ecosystem compromise. 
The contest functions as a recruitment mechanism for lower-tier threat actors, with the prize amount negligible compared to the value of credentials stolen from CI\u002FCD pipelines and enterprise environments.","TeamPCP and BreachForums launch $1,000 contest rewarding supply chain attacks on open source packages.","Security NewsPackagist Urges Immediate Composer Update After GitHub Actions Token LeakPackagist urges PHP projects to update Composer after a GitHub token format change exposed some GitHub Actions tokens in CI logs.By Sarah Gooding - May 13, 2026","https:\u002F\u002Fsocket.dev\u002Fblog\u002Fteampcp-supply-chain-attack-contest?utm_medium=feed","https:\u002F\u002Fcdn.sanity.io\u002Fimages\u002Fcgdhsj6q\u002Fproduction\u002Fd62d781ca0fc098a88c5bc51fdd08215d3bcb83f-1254x1254.png?w=1000&q=95&fit=max&auto=format","2026-05-14T02:49:33.417+00:00","2026-05-14T06:00:19.438984+00:00",9,[18,21,23,25,27,30],{"name":19,"type":20},"TeamPCP","threat_actor",{"name":22,"type":20},"Vect",{"name":24,"type":20},"ShinyHunters",{"name":26,"type":20},"Lapsus$",{"name":28,"type":29},"BreachForums supply chain attack contest","campaign",{"name":31,"type":32},"CI\u002FCD pipelines","technology","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":33,"icon":35,"name":36,"slug":37},null,"Supply Chain","supply-chain",[39,44,49],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":50},{"id":51,"icon":35,"name":52,"slug":53},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[55],{"type":43,"value":56,"context":57},"Shai-Hulud","Open source attack tooling released by TeamPCP for supply chain compromise, hosted on Breached CDN"]