teampcp (3)

On 28 April 2026, SentinelLABS located a script through a Kubernetes-focused VirusTotal hunting rule that stood out from known cloud hack tools: the script’s first actions are to evict and delete tools associated with the TeamPCP attack group, leading us to call the toolset PCPJack. Analyzing this script led researchers to discover a comprehensive framework for cloud credential harvesting and propagation to internal and external systems.

TeamPCP stood out in early 2026 following the group’s Feb

On 20 April 2026, the coding world was alerted after a widely used tool called @bitwarden/cli was found to be compromised. According to researchers at GitGuardian, who shared their analysis, the attack was a calculated operation by a group called TeamPCP, who used what researchers describe as a cross-campaign pivot to exploit trusted developer tools.

For context, Bitwarden is an open-source password manager that stores and encrypts sensitive data like passwords, API keys, and secure notes in a

On 24 March 2026, two versions of the litellm Python package on PyPI were found to contain malicious code. The packages (versions 1.82.7 and 1.82.8) were published by a threat actor known as TeamPCP after they obtained the maintainer's PyPI credentials through a prior compromise of Trivy, an open source security scanner used in litellm's CI/CD pipeline.

The malicious versions were available for approximately three hours before PyPI quarantined the package. litellm is downloaded roughly 3.4 mill