What tools did TeamPCP compromise?

Trivy, KICS, LiteLLM, and Telnyx Python SDK — all via GitHub Actions and PyPI injections.

How much data did TeamPCP steal?

Over 300 GB from 500,000 machines, including cloud tokens, SSH keys, and Kubernetes secrets.

How to detect TeamPCP supply chain attacks?

Check for CanisterWorm IOCs, self-signed certs flagged by Cortex Xpanse, and audit CI/CD for anomalous exfils.

TeamPCP's Ruthless Hijack of Security Scanners: 500K Machines, 300GB Stolen

Attackers slipped infostealers into GitHub Actions and PyPI, turning vulnerability scanners against their users. Over 500,000 machines lost cloud tokens, SSH keys, and Kubernetes secrets in this escalating nightmare.

Threat Digest Apr 03, 2026 4 min read 11 views

Diagram of TeamPCP supply chain attack infiltrating CI/CD pipelines via PyPI and GitHub

⚡ Key Takeaways

TeamPCP compromised security tools like Trivy and LiteLLM, stealing secrets from 500K machines. 𝕏
CanisterWorm introduces decentralized C2, signaling advanced cloud-native threats. 𝕏
Expect a boom in paid supply chain verification tools as open-source trust erodes. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CanisterWorm #LiteLLM #TeamPCP #Trivy #cloud security #supply chain attack

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Palo Alto Unit 42

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

CanisterWorm: Cybercrooks Hijack Iran Tensions for Cloud Data Heists

TeamPCP's Supply Chain Onslaught Hits Databricks, Splits Ransomware Into Two Deadly Tracks

North Korean Hackers' Slick Slack Trick: Inside the Axios npm Compromise

Mercor Breach Exposes TeamPCP's LiteLLM Rampage in Real Time

Stay in the loop