Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsStudyTraining
ProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Study
Training
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1310+ Articles
157+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
28 articles

#TeamPCP

All CosmicBytez Labs articles tagged #TeamPCP, across news, security advisories, how-to guides, and projects.

  • NewsMay 26, 2026

    The Hackers Behind Shai-Hulud: Lucky or Skilled?

    TeamPCP's Shai-Hulud worm inflicted serious damage on the open source ecosystem — but a close look at their operations raises the question of whether their.

  • NewsMay 20, 2026

    GitHub Breached — Employee Device Hack Led to Exfiltration

    GitHub is investigating unauthorized access to thousands of internal repositories after an employee device was compromised through the TanStack npm supply...

  • NewsMay 20, 2026

    GitHub Confirms Being Hacked by TeamPCP, Says Customer Data

    GitHub has officially confirmed it was breached by the TeamPCP threat actor after the group advertised stolen internal source code on a cybercrime forum....

  • NewsMay 20, 2026

    GitHub Confirms Breach, 4K Internal Repos Stolen

    GitHub has confirmed a data breach in which the TeamPCP threat actor stole approximately 4,000 internal repositories. The company states no customer data...

  • NewsMay 20, 2026

    GitHub Investigating TeamPCP Claimed Breach of ~4,000

    GitHub is investigating unauthorized access to its internal repositories after the TeamPCP threat actor listed approximately 4,000 GitHub internal repos...

  • NewsMay 19, 2026

    Mini Shai-Hulud Pushes Malicious AntV npm Packages via

    Cybersecurity researchers have discovered a fresh Mini Shai-Hulud supply chain attack compromising the @antv npm ecosystem through a hijacked maintainer...

  • NewsMay 18, 2026

    Four Malicious npm Packages Deliver Infostealers and

    Researchers have uncovered four malicious npm packages embedding infostealer malware and a Phantom Bot DDoS payload — one of which is a direct clone of...

  • NewsMay 18, 2026

    Shai-Hulud Worm Clones Spread After Code Release

    The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...

  • NewsMay 15, 2026

    TanStack Supply Chain Attack Hits Two OpenAI Employee

    OpenAI has disclosed that two corporate employee devices were compromised via the Mini Shai-Hulud supply chain attack on the TanStack npm ecosystem,...

  • NewsMay 15, 2026

    TeamPCP Hackers Advertise Mistral AI Source Code Repos for

    The TeamPCP threat group claims to have stolen source code repositories from Mistral AI and is advertising them for sale on criminal forums, threatening...

  • NewsMay 15, 2026

    TeamPCP Ups the Game, Releases Shai-Hulud Worm's Source Code

    The hacking group TeamPCP has publicly released the source code for its Shai-Hulud supply chain worm, actively encouraging other threat actors to...

  • NewsMay 12, 2026

    Mini Shai-Hulud Worm Compromises TanStack, Mistral AI

    TeamPCP has expanded its supply chain attack campaign with a fresh Mini Shai-Hulud worm that compromised npm and PyPI packages from TanStack, UiPath,...

  • NewsMay 12, 2026

    Worm Redux: Fresh Mini Shai-Hulud Infections Bite npm

    Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...

  • NewsletterMay 12, 2026

    May 12 Digest: AI-Generated Zero-Day, Shai-Hulud Worm

    Google confirms the first AI-generated zero-day in the wild; TeamPCP's Mini Shai-Hulud worm hits TanStack, Mistral AI, and Guardrails AI; Instructure pays...

  • NewsMay 11, 2026

    TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks

    Supply chain threat actor TeamPCP has struck again, publishing a tampered version of the Checkmarx Jenkins AST plugin to the Jenkins Marketplace — just...

  • NewsMay 1, 2026

    1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, and

    The TeamPCP threat group's Mini Shai-Hulud supply chain campaign compromised SAP-related npm packages along with PyTorch Lightning and Intercom client...

  • NewsApr 30, 2026

    TeamPCP Hits SAP npm Packages With 'Mini Shai-Hulud' Supply

    The threat actor TeamPCP has compromised multiple npm packages tied to SAP's cloud application development ecosystem in a new supply chain campaign dubbed...

  • NewsApr 29, 2026

    Vect 2.0 Ransomware Acts as Wiper Thanks to Design Error

    The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...

  • NewsApr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • NewsApr 4, 2026

    EU Cyber Agency Attributes Major Data Breach to TeamPCP

    ENISA has officially attributed the massive European Commission data breach — and a wider campaign affecting 30 EU institutions — to the TeamPCP hacking...

  • NewsApr 4, 2026

    European Commission Confirms Data Breach Linked to Trivy

    The European Commission has confirmed a major data breach of its AWS environment, with over 300GB of data stolen — including personal information of EU...

  • NewsApr 3, 2026

    Blast Radius of TeamPCP Attacks Expands Amid Hacker

    As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are taking credit and creating a murky attribution...

  • NewsApr 3, 2026

    CERT-EU: European Commission Hack Exposes Data of 30 EU

    CERT-EU has attributed the European Commission cloud account compromise to the TeamPCP threat group, revealing the breach exposed sensitive data from at...

  • NewsApr 2, 2026

    Mercor Confirms Security Incident Tied to LiteLLM Supply

    AI hiring platform Mercor has confirmed a security incident linked to the LiteLLM PyPI supply chain attack carried out by TeamPCP. Separately, Lapsus$...

  • NewsMar 28, 2026

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides

    The TeamPCP threat actor — behind previous supply chain attacks on Trivy, KICS, and litellm — has now compromised the telnyx Python package on PyPI,...

  • NewsletterMar 26, 2026

    Mar 26 Digest: LeakBase Admin Arrested, WebRTC Skimmer

    This week: Russian authorities detain the alleged LeakBase admin weeks after the FBI-led global crackdown on the 147,000-subscriber stolen-data...

  • NewsMar 23, 2026

    Trivy Hack Spreads Infostealer via Docker, Triggers Worm

    The Trivy supply chain attack has expanded dramatically beyond GitHub Actions: malicious Docker Hub images (versions 0.69.4–0.69.6) carry an infostealer,...

  • NewsMar 23, 2026

    Trivy Supply Chain Attack Targets CI/CD Secrets

    The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...