dependabot (2)

On 20 April 2026, the coding world was alerted after a widely used tool called @bitwarden/cli was found to be compromised. According to researchers at GitGuardian, who shared their analysis, the attack was a calculated operation by a group called TeamPCP, who used what researchers describe as a cross-campaign pivot to exploit trusted developer tools.

For context, Bitwarden is an open-source password manager that stores and encrypts sensitive data like passwords, API keys, and secure notes in a

A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions, with the aim of stealing passwords from developers. The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modifies any existing JavaScript files in the attacked project with web-form password-stealer malware code, affecting any end user who submits a password in a web form. The malware is also designed to capture GitHub