Dark Web Intelligence (@DailyDarkWeb)
🚨 TeamPCP Supply Chain Attack — Multi-Stage Cloud-Native Campaign Uncovered

A sophisticated campaign attributed to TeamPCP has compromised multiple ecosystems through a chained supply chain attack impacting Trivy, KICS, LiteLLM, and 45+ npm packages.

Key highlights:
• Initial access via exposed PAT (Pwn Request)
• Malicious packages pushed into CI/CD pipelines
• Lateral movement through Aqua Security’s Trivy ecosystem
• Deployment of Kubernetes wiper + worm (kamikaze.sh evolution)
• Expansion into Checkmarx and broader developer ecosystems

⚠️ The attack propagated in under 5 days, combining credential theft, poisoned dependencies, and automated distribution pipelines.

This campaign demonstrates how modern supply chain attacks are fast, scalable, and cloud-native by design, targeting developers as the new attack surface.

#CyberSecurity #SupplyChainAttack #ThreatIntel #DevSecOps #CloudSecurity #Kubernetes #Infosec #DailyDarkWeb
PrivacyHawk (@Privacy_Hawk)
This isn’t just another supply chain story, it’s automation at scale. Exposed tokens and poisoned packages let attackers move through CI/CD pipelines and developer tools faster than teams can react, turning trust relationships into distribution channels. The real shift is how quickly this kind of access propagates across ecosystems once it’s seeded, not just the initial compromise.