What is the TeamPCP supply chain campaign?

TeamPCP exploited Trivy (CVE-2026-33634) to steal AWS creds from 1,000+ SaaS setups, enabling cloud breaches and ransomware like Vect.

How did TeamPCP breach the European Commission?

Stolen AWS API keys from compromised Trivy on March 19; 340GB exfil, including 52K email files from 71 EU entities, detected March 24.

Rotate all creds, scan for IOCs per CERT-EU/Wiz, check Sportradar client lists—act now, dwell times are deadly short.

🎯 Threat Intelligence

ハッカーがセキュリティスキャナを世界中のクラウドのマスターキーへ変貌させました。EU委員会が侵害を認め、1000超のSaaS環境が標的に。

Threat Digest Apr 03, 2026 1 min read 14 views

Read in: Deutsch English Español Français Italiano 日本語 한국어 Português (BR) Русский Türkçe

Published by

Threat intelligence. Zero noise.

#EU Commission breach #Sportradar hack #TeamPCP campaign #Trivy compromise

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SANS Internet Storm Center