-
GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
