Tag

CI/CD Security

CI/CD pipelines are both the backbone of modern software delivery and a critical attack surface. These articles explore how to embed security testing directly into your build and deploy workflows — from automated pentesting on every merge to pipeline-native vulnerability scanning. Learn how to make security a zero-friction part of your delivery process without sacrificing speed.

4 articles

17 min read

TeamPCP's Spring 2026 Campaign: From a Stolen Token to GitHub's Source Code, Then a Self-Spreading Worm

In March, TeamPCP turned trusted security tools into weapons. It did not stop there. Across April, May, and June 2026 the campaign breached GitHub itself, poisoned a VS Code extension to steal AI assistant credentials, open-sourced its own worm, and spawned ecosystem-wide copycats. Here is the full timeline, the IOCs, and what to do now.

The TeamPCP Supply Chain Campaign: 9 Days, 5 Ecosystems, One Stolen Token — Complete Technical Timeline
21 min read

The TeamPCP Supply Chain Campaign: 9 Days, 5 Ecosystems, One Stolen Token — Complete Technical Timeline

The telnyx Python package was compromised on PyPI this morning. It is the fifth target in a supply chain campaign that has now crossed from vulnerability scanners to CI/CD pipelines to LLM gateways to telecom SDKs in nine days. Here is everything we know, every IOC, and exactly what to do if you are affected.

Ready to try autonomous pentesting?

See how Revaizor can transform your security testing.

Request Early Access