What is the TeamPCP supply chain campaign?

TeamPCP exploited Trivy (CVE-2026-33634) to steal AWS creds from 1,000+ SaaS setups, enabling cloud breaches and ransomware like Vect.

How did TeamPCP breach the European Commission?

Stolen AWS API keys from compromised Trivy on March 19; 340GB exfil, including 52K email files from 71 EU entities, detected March 24.

What should I do if I use Trivy or Sportradar?

Rotate all creds, scan for IOCs per CERT-EU/Wiz, check Sportradar client lists—act now, dwell times are deadly short.

🎯 Threat Intelligence

TeamPCP's Trivy Rampage: EU Cloud Breached, 1,000+ SaaS Targets Quantified

Hackers turned a security scanner into a skeleton key for clouds worldwide. Now, the EU Commission confirms the breach, with 1,000+ SaaS environments in the crosshairs.

Threat Digest Apr 03, 2026 3 min read 28 views

Read in: Deutsch English Español Français Italiano 日本語 한국어 Português (BR) Русский Türkçe

Digital chains breaking over cloud servers in a supply chain attack visualization

⚡ Key Takeaways

CERT-EU confirms EU Commission AWS breach via Trivy, 340GB stolen across 71 entities. 𝕏
Sportradar hit jointly by TeamPCP/Vect: 26K users, 161 clients like ESPN exposed. 𝕏
Mandiant: 1,000+ SaaS environments, 500K machines impacted—scale is massive. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#EU Commission breach #Sportradar hack #TeamPCP campaign #Trivy compromise

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SANS Internet Storm Center

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Mercor Breach Exposes TeamPCP's LiteLLM Rampage in Real Time

Coca-Cola and Ferrari Job Offers Hijacking Your Google Accounts in Real Time

Venom PhaaS Powers Ruthless Credential Grabs from C-Suite Targets

53% of Firms Run Critically Outdated Mobile OS—Attack Surface Explodes

Stay in the loop