TeamPCP is a apt_group tracked across 19 threat clusters and 42 intelligence report mentions on ThreatCluster. First observed February 10, 2026; most recent activity July 17, 2026.
TeamPCP has launched a new cyber campaign deploying a destructive payload that targets Kubernetes clusters configured for Iran. This wiper malware, part of the ongoing CanisterWorm campaign, uses the same…
The TeamPCP threat group has expanded its supply chain attack campaign, compromising the Microsoft DurableTask Python client with versions v1.4.1, v1.4.2, and v1.4.3 found to contain a credential-stealing worm. This…
On March 24, 2026, two versions of the LiteLLM Python package (1.82.7 and 1.82.8) were compromised on PyPI, embedding credential-stealing payloads. The attack, linked to the TeamPCP threat actor, exploited a…
A malicious version of the Bitwarden CLI password manager was distributed via npm, affecting version 2026.4.0 for a brief window on April 22, 2026. The attack exploited a compromised GitHub Action in Bitwarden's CI/CD…
Checkmarx reported a malicious version of its Jenkins AST plugin was uploaded to the Jenkins Marketplace on May 9, 2026. This backdoored plugin, which affects security scans in Jenkins CI pipelines, poses a significant…
On March 24, 2026, two malicious versions of the LiteLLM Python package (1.82.7 and 1.82.8) were published on PyPI, containing credential-stealing malware. The attack, attributed to the TeamPCP threat group, exploited…
In July 2026, researchers demonstrated that open-weight AI models can be easily poisoned, allowing attackers to implant backdoors for under $100. Katie Paxton-Fear successfully manipulated a model to execute remote code…
On May 18, 2026, an automated cyber campaign named Megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories within six hours. The attackers used forged identities and dummy accounts to inject malicious…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
The Vect 2.0 ransomware, emerging from a partnership with the TeamPCP group, has been found to irreversibly destroy files larger than 128 KB instead of encrypting them for ransom. This critical flaw, identified by Check…