#teampcp
5 articles
Global software development, cloud infrastructure, and technology sectors faced a concentrated wave of attacks between late April and mid-May 2026, with five articles covering the activity. Threat actors TeamPCP and PCPJack were observed exploiting five critical and high-severity vulnerabilities: CVE-2025-29927, CVE-2025-48703, CVE-2025-55182, CVE-2025-9501, and CVE-2026-1357. The campaign, assessed as three high and two critical in severity, impacted organizations worldwide across AI and automation verticals.
HIGH: OpenAI Breached in TanStack Supply Chain Attack
OpenAI says two employees' devices were compromised in the TeamPCP Mini Shai-Hulud campaign, forcing rotation of code-signing certificates across macOS, Windows, iOS, and Android.
CRITICAL: TeamPCP Hijacks TanStack CI/CD, Poisons 170+ NPM/PyPI Packages
TeamPCP chained three GitHub Actions flaws to hijack TanStack's CI/CD, publishing 84 malicious artifacts across 42 packages.
HIGH: PCPJack Worm Steals Cloud Credentials, Wipes TeamPCP Infections
SentinelLabs uncovers PCPJack, a credential-stealing worm targeting Docker, Kubernetes, Redis, and MongoDB that actively removes rival TeamPCP access from compromised cloud...
HIGH: TeamPCP Container Attack Chain Detailed by Elastic Security
Elastic Security Labs publishes a real-world walkthrough of TeamPCP's multi-stage container compromise, showing how runtime signals across each attack phase are detected by…
CRITICAL: TeamPCP Partners with Vect Ransomware in Supply Chain Attacks
Unit 42 reports TeamPCP has partnered with Vect ransomware group to target security software vendors in multi-stage supply chain attacks, compromising trusted update mechanisms.