TeamPCP's supply chain attack infected 170+ npm and PyPI packages like TanStack. Learn how the Mini Shai-Hulud worm bypasses SLSA and how to stop its wiper.
The software supply chain is under relentless attack from campaigns like TeamPCP and the Axios hack. Learn actionable, step-by-step strategies to secure your CI/CD pipelines and developer endpoints.
TeamPCP strikes again. The popular Python package litellm (versions 1.82.7 and 1.82.8) was compromised on PyPI, deploying a credential harvester and Kubernetes backdoor.
Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.