X-Industry

teampcp (2)

TeamPCP

On 20 April 2026, the coding world was alerted after a widely used tool called @bitwarden/cli was found to be compromised. According to researchers at GitGuardian, who shared their analysis, the attack was a calculated operation by a group called TeamPCP, who used what researchers describe as a cross-campaign pivot to exploit trusted developer tools.

For context, Bitwarden is an open-source password manager that stores and encrypts sensitive data like passwords, API keys, and secure notes in a

LiteLLM PYTHON

On 24 March 2026, two versions of the litellm Python package on PyPI were found to contain malicious code. The packages (versions 1.82.7 and 1.82.8) were published by a threat actor known as TeamPCP after they obtained the maintainer's PyPI credentials through a prior compromise of Trivy, an open source security scanner used in litellm's CI/CD pipeline.

The malicious versions were available for approximately three hours before PyPI quarantined the package. litellm is downloaded roughly 3.4 mill

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use Red Sky Alliance.

Please check your browser settings or contact your system administrator.

Note: this page contains paid content.