Full Report
Researchers identified a broad TeamPCP-linked supply chain campaign involving malicious NPM packages, compromised GitHub Actions, a trojanized VSCode extension, and malicious PyPI packages targeting cloud and CI/CD environments. The campaign includes large-scale credential the...
Analysis Summary