⚠️ Region Alert: UAE/Middle East
Between February and March 2026, the threat group TeamPCP conducted a series of sophisticated supply chain attacks targeting open-source security tools such as Trivy and KICS, as well as the LiteLLM gateway and the Telnyx Python SDK. The attackers successfully injected malicious infostealers into GitHub Actions and the PyPI registry, enabling the silent exfiltration of cloud access tokens, SSH keys, and Kubernetes secrets from over 500,000 compromised systems.
This campaign marks an evolution in threat actor tactics, introducing the "CanisterWorm" malware, which uses a decentralized command-and-control (C2) architecture and contains destructive wiper components. The operation specifically weaponizes developer infrastructure to gain elevated privileges, highlighting a critical need for organizations to audit their CI/CD pipelines, implement robust software composition analysis (SCA), and harden secrets management to mitigate ongoing risks.
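One concrete piece of the CI/CD audit recommended above is checking that every third-party action a workflow pulls in is pinned to an immutable commit SHA rather than a mutable tag or branch, and that the workflow restricts the default token permissions. The script below is an added example written for this page, not code from the alert or from any of the projects named in it; the workflow it scans is a constructed sample (the 40-character SHA in it is made up, not a real release commit), and the action names are used only as illustrative references.

```python
import re

# Constructed sample workflow for demonstration; the commit SHA is invented.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - name: KICS scan
        uses: checkmarx/kics-github-action@v2.1.0
"""

# Matches a `uses:` step line and captures the action reference (stops at a trailing comment).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# A full 40-hex-digit commit SHA is the only reference GitHub treats as immutable.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Top-level `permissions:` block restricting the GITHUB_TOKEN (least privilege).
PERMISSIONS_RE = re.compile(r"^permissions:\s*")


def classify_uses(ref):
    """Classify an action reference as pinned, local, docker, mutable, or unpinned."""
    if ref.startswith("./"):
        return "local"          # repository-local composite action, reviewed with the repo
    if ref.startswith("docker://"):
        return "docker"         # container image; pin by digest separately
    if "@" not in ref:
        return "unpinned"       # no version at all
    _, version = ref.rsplit("@", 1)
    if FULL_SHA_RE.match(version):
        return "pinned"
    return "mutable"            # tag or branch: can be moved to malicious code upstream


def audit_workflow(text):
    """Return (line number, reference, classification) for every risky `uses:` entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        kind = classify_uses(ref)
        if kind in ("mutable", "unpinned"):
            findings.append((lineno, ref, kind))
    return findings


def has_restricted_permissions(text):
    """True if the workflow declares a top-level `permissions:` block."""
    return any(PERMISSIONS_RE.match(line) for line in text.splitlines())


if __name__ == "__main__":
    for lineno, ref, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is {kind}; pin to a full commit SHA")
    if not has_restricted_permissions(SAMPLE_WORKFLOW):
        print("no top-level permissions block; GITHUB_TOKEN gets default scopes")
```

Run against every workflow file under `.github/workflows/`, the findings list is the backlog for pinning; the same pass is a cheap place to flag a missing `permissions:` block, since a compromised action running with a broad default token is exactly how CI credentials leave the pipeline.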