THREATNOIR
Subscribe
Back to Feed
Supply ChainMar 27, 2026

TeamPCP has done ANOTHER supply chain attack. My Brother in Christ, how many of these fuckin' th...

TeamPCP threat actor executes 50+ supply chain attacks across open-source packages in 8 days.

Read at source

Summary

TeamPCP, a prolific threat actor, has launched over 50 supply chain attacks within an 8-day window, targeting multiple open-source package repositories. Confirmed targets include Trivy (March 19th) and EmilGroup (28 packages on March 20th), with additional compromised packages identified. This campaign represents a significant escalation in coordinated package poisoning attacks.

Indicators of Compromise

  • malware — TeamPCP
  • malware — Trivy
  • malware — EmilGroup