… According to supply-chain security platform SafeDep, although the trigger mechanism is different in compromised Mistral AI and TanStack packages, they drop the same credential-stealing payload. …
… TeamPCP was linked to other major supply chain attacks targeting developer code platforms, including PyPI , NPM , GitHub , and Docker , and, more recently, to the "Mini Shai-Hulud" supply chain campaign which also affected two OpenAI employees . …
… Download Now Related Articles: GitHub investigates internal repositories breach claimed by TeamPCP 7-Eleven confirms data breach claimed by the ShinyHunters gang Grafana says stolen GitHub token let hackers steal codebase TeamPCP hackers advertise Mistral AI code repos for sale OpenAI confirms secu… …
… NMFTA Cybersecurity Conference Tackles Cyber-Enabled Cargo Crime Join your peers for the NMFTA 2026 Cybersecurity Conference to learn about real-world threat intelligence, research, and practical strategies focused on securing connected freight systems, combating cyber-enabled cargo crime, and stre… …
… TeamPCP is a cloud-focused threat group known for high-profile supply-chain breaches against Aqua Security’s Trivy scanner, the LiteLMM and Telnyx PyPI packages, and more recently, SAP npm packages . …
… The maintainer's security advisory also includes a PoC exploit that demonstrates remote code execution on the host machine. Users of vm2 are recommended to upgrade to version 3.10.5 or later latest is 3.11.2 as soon as possible to mitigate the risk of CVE-2026-26956 exploitation. …