https://ramimac.me/teampcp/ New victims in the TeamPCP supply chain attack campaign. Subscribe to be notified when a new organization is compromised. en-us Sat, 28 Mar 2026 14:27:00 +0000 https://ramimac.me/teampcp/#telnyx https://ramimac.me/teampcp/#telnyx Fri, 27 Mar 2026 00:00:00 +0000 PyPI credentials compromised. Versions 4.87.1 and 4.87.2 contained WAV steganography payloads for Windows and Linux. ~4 hour exposure window before quarantine. https://ramimac.me/teampcp/#litellm https://ramimac.me/teampcp/#litellm Tue, 24 Mar 2026 00:00:00 +0000 PyPI token harvested via Trivy in CI/CD. Versions 1.82.7 and 1.82.8 contained credential-stealing payloads with persistence. Attacker claimed 54GB stolen via vxunderground. https://ramimac.me/teampcp/#checkmarx https://ramimac.me/teampcp/#checkmarx Mon, 23 Mar 2026 00:00:00 +0000 OpenVSX extensions and GitHub Actions hijacked via compromised service account. All 35 KICS tags and 91 AST tags force-pushed to malicious commits. C2 at checkmarx.zone. https://ramimac.me/teampcp/#canisterworm https://ramimac.me/teampcp/#canisterworm Fri, 20 Mar 2026 00:00:00 +0000 Self-propagating worm deployed via stolen npm tokens. ICP canister C2. 28+ packages infected in under 60 seconds across @EmilGroup, @opengov, @teale.io, @airtm, @pypestream. 135+ malicious artifacts across 64+ packages. https://ramimac.me/teampcp/#trivy https://ramimac.me/teampcp/#trivy Thu, 19 Mar 2026 00:00:00 +0000 Initial compromise via incomplete containment of Mar 1 PwnRequest. 75 of 76 tags hijacked. Malicious binaries published to GitHub Releases, Docker Hub, and npm (via CanisterWorm).