TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
This update succeeds&#;x26;#;xc2;&#;x26;#;xa0;TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linked credentials, Google GTIG&#;x26;#;39;s formal designation of the operators as
ORIGINAL SOURCE →via SANS ISC
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Not able to connect Tenable Vulnerability scanner to M365
- [CYBER] Home security giant ADT data breach affects 5.5 million people
- [CYBER] SocialScope — Mapping the Digital Minds of Adolescents
- [CYBER] Hackers steal nearly $300M in biggest DeFi exploit of 2026 - MSN
- [CYBER] Latest $290M exploit hit DeFi so hard it forced Aave onto Solana as part of rescue efforts - CryptoSlate
- [CYBER] Inside the Coinbase Cartel: How Infostealer Credentials Fueled a 100+ Company Ransomware Spree