TeamPCP
VS Code Zero-Day Exposes GitHub Tokens as Supply-Chain Attacks Breach 3,800 Internal Repositories
Unpatched OAuth vulnerability allows single-click credential theft while poisoned extension compromises GitHub's own infrastructure in 18 minutes.
Longest-Running Supply Chain Poisoning Campaign Hits GitHub, 3,800 Repos Stolen
TeamPCP's self-replicating worm compromised seven waves of open-source infrastructure in nine weeks, evading every CVE scanner and provenance system in production.
TeamPCP Compromises 170+ npm Packages in Coordinated AI Infrastructure Attack
Supply chain assault targets Mistral AI, TanStack, UiPath, and OpenSearch in first npm worm producing valid security provenance
LiteLLM Supply Chain Attack Exposes API Keys Across Enterprise AI Deployments
Compromise of widely-adopted Python package reveals systemic fragility in AI infrastructure as credential stealer reaches 97 million monthly installations.