Advertisement
GitHub Internal Repo Breach Claimed by TeamPCP – Code at Risk
GitHub investigates TeamPCP's claim of breaching internal repositories, potentially exposing 4,000 private codebases. Defenders must secure supply chains.
Backdoored Telnyx PyPI Package Uses Steganography to Deliver Malware
Security researchers discovered malicious versions of the Telnyx PyPI package delivering infostealers via steganography hidden in WAV audio files.
Telnyx PyPI Package Compromised by TeamPCP via Steganography
TeamPCP threat actors distributed malicious Telnyx Python package versions 4.87.1 and 4.87.2 on PyPI to harvest credentials using hidden WAV files.
TeamPCP Backdoors LiteLLM 1.82.7–1.82.8 via CI/CD Compromise
TeamPCP threat actors compromised LiteLLM versions 1.82.7 and 1.82.8, deploying credential harvesters and Kubernetes lateral movement tools via CI/CD.
Trivy Supply Chain Attack: TeamPCP Pushes Infostealer via GitHub
Threat actor TeamPCP compromised the Trivy-action repository to distribute infostealer malware through GitHub Actions, targeting CI/CD pipelines and secrets.