Technology ❯ Cybersecurity ❯ Malware ❯ Supply Chain Attacks

Open Source Software

TeamPCP Worm Poisons Hundreds of npm and PyPI Packages With Signed Malicious Releases

Attackers hijacked GitHub Actions using OIDC tokens to ship signed releases that stole developer and cloud secrets.

Axios npm Package Hijacked to Drop RATs as Google Links Attack to UNC1069

TeamPCP Backdoors LiteLLM on PyPI, Forcing Emergency Secret Rotations