TeamPCP
6 mentions across all digests
TeamPCP is a hacking group believed responsible for supply chain attacks compromising open-source tools including LiteLLM and Trivy, affecting companies such as Mercor and Cisco.
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
March 2026 supply chain attacks poisoned Trivy and Axios via social engineering, stealing secrets from tens of thousands of organizations across development pipelines and cloud environments with planned follow-up exploitation.
Don't pay Vect a ransom - your data's likely already wiped out
Vect ransomware gang extorting victims of Trivy and LiteLLM supply chain compromises is likely destroying data anyway—Check Point Research finds 25 claimed victims since January recover little even after paying.
Another npm supply chain worm is tearing through dev environments
A self-propagating npm worm is harvesting developer credentials from Namastex Labs packages, echoing tactics from the TeamPCP-attributed CanisterWorm campaign.
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
TeamPCP's systematic campaign targeting open-source developer infrastructure compromises LiteLLM and impacts thousands of companies, exposing a critical vulnerability in the shared-tool supply chain.
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
Compromise of widely-used open-source LiteLLM library gives extortion group Lapsus$/TeamPCP backdoor access to Mercor and potentially dozens of downstream AI companies.