Cybercriminal group TeamPCP has escalated software supply chain attacks, compromising hundreds of open source tools weekly. Their latest target, GitHub, claims 3,800 repositories were affected. The group uses malware to steal credentials, enabling further compromises and data extortion.
Cybercriminal group TeamPCP has escalated software supply chain attacks, corrupting hundreds of open source tools and breaching companies like GitHub and OpenAI. Their methods involve infecting code, stealing credentials, and using self-spreading worms, leading to widespread distrust in the open source ecosystem.
GitHub confirmed a data breach affecting ~3,800 internal code repositories, caused by a malicious VS Code extension installed by an employee. A hacker group, TeamPCP, claimed responsibility, seeking $50,000 for the data.
An unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately kick out TeamPCP and remove its hacking tools from the victims’ systems.
Mehrere npm-Pakete von SAP waren einer Supply‑Chain‑Attacke ausgesetzt. Dahinter steckt die Hackergruppe TeamPCP, sagen Sicherheitsforscher.
