Tag: teampcp (5 articles)

One Hacker Group Is Turning Software Supply Chains Into a Self-Replicating Nightmare

A cybercriminal group called TeamPCP has carried out an unprecedented wave of software supply chain attacks, hiding malware in hundreds of open source tools to breach companies including GitHub, OpenAI, and the European Commission's website. Their self-perpetuating strategy involves stealing developer credentials to compromise more tools, recently automated through a self-spreading worm called Mini Shai-Hulud, resulting in over 500 corrupted software packages across 20 attack waves in just a few months. Security experts warn that organisations should rotate authentication tokens regularly, avoid auto-updating open source tools, and vet new code before deployment, as the group shows no signs of slowing down.

26 May 2026

One Hacker Group Is Turning Software Supply Chain Attacks Into a Production Line

A cybercriminal group called TeamPCP has carried out an unprecedented wave of software supply chain attacks, embedding malware in over 500 open source tools to infiltrate hundreds of companies, including GitHub, Anthropic, and the European Commission's public website. The group exploits a self-perpetuating cycle — compromising developer tools to steal credentials, then using those credentials to poison more tools — and has recently automated attacks using a self-spreading worm called Mini Shai-Hulud. Security experts warn that organisations must practice better credential hygiene, carefully vet software updates, and avoid automatically installing the latest versions of open source packages to protect themselves.

23 May 2026

A Poisoned VS Code Extension Just Breached 3,800 GitHub Repositories

GitHub has confirmed that approximately 3,800 internal repositories were compromised after an employee installed a malicious VS Code extension, which was subsequently removed from the VS Code Marketplace and the affected device secured. The hacker group TeamPCP has claimed responsibility, advertising the stolen data on a cybercrime forum for at least $50,000, though GitHub states there is no evidence that customer data outside the breached repositories was affected. This incident is part of a broader pattern of malicious VS Code extensions targeting developers, with TeamPCP also previously linked to supply chain attacks on platforms including PyPI, NPM, and Docker.

20 May 2026

One Dodgy VS Code Extension Later, GitHub Lost 3,800 Internal Repos

GitHub confirmed that approximately 3,800 internal repositories were compromised in a supply chain attack carried out by the hacking group TeamPCP, after an employee installed a malicious VS Code extension on their machine. The attackers claimed to have stolen source code and internal data, offering it for sale for at least $50,000 on an underground forum. GitHub responded by rotating critical credentials and launching an investigation, noting that the attack highlights the significant security risk posed by unvetted developer tools and extensions.

20 May 2026

OpenAI Hit by TanStack Supply Chain Attack After Two Employee Machines Infected

OpenAI confirmed it was caught up in the "Mini Shai-Hulud" npm supply chain attack, in which malware hidden in compromised TanStack packages reached two employee devices and allowed attackers to steal a limited amount of internal credentials. The two affected machines had not yet received updated supply chain security controls that would have blocked the malicious dependency. As a precaution, OpenAI is rotating signing certificates for several desktop products — including ChatGPT Desktop, Codex App, and Codex CLI — and says there is no evidence that customer data or production systems were compromised.

17 May 2026