#TeamPCP
TeamPCP Poisons Microsoft’s Official Python DurableTask SDK — Multi-Cloud Credential Worm Hits PyPI
The TeamPCP threat group has compromised three consecutive versions of Microsoft's official Python DurableTask SDK on PyPI, injecting a worm-like payload that steals multi-cloud credentials from AWS, Azure,...
GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen
GitHub has confirmed unauthorized access to its internal repositories after a malicious Visual Studio Code extension compromised an employee device. Threat actor TeamPCP claims to have exfiltrated approximately...
TeamPCP Supply Chain Campaign Poisons Checkmarx KICS, Bitwarden CLI, and PyPI Packages to Steal Cloud Credentials at Scale
A financially motivated threat group tracked as TeamPCP has executed at least seven waves of sophisticated supply chain attacks since March 2026, poisoning trusted CI/CD tools including Checkmarx...