Tag

DevSecOps

DevSecOps embeds security as a shared responsibility across development, operations, and security teams. These articles cover practical approaches to integrating pentesting into CI/CD pipelines, automating security gates, shifting left without slowing down delivery, and building engineering cultures where security is a first-class concern rather than an afterthought.

4 articles

17 min read

TeamPCP's Spring 2026 Campaign: From a Stolen Token to GitHub's Source Code, Then a Self-Spreading Worm

In March, TeamPCP turned trusted security tools into weapons. It did not stop there. Across April, May, and June 2026 the campaign breached GitHub itself, poisoned a VS Code extension to steal AI assistant credentials, open-sourced its own worm, and spawned ecosystem-wide copycats. Here is the full timeline, the IOCs, and what to do now.

The TeamPCP Supply Chain Campaign: 9 Days, 5 Ecosystems, One Stolen Token — Complete Technical Timeline
21 min read

The TeamPCP Supply Chain Campaign: 9 Days, 5 Ecosystems, One Stolen Token — Complete Technical Timeline

The telnyx Python package was compromised on PyPI this morning. It is the fifth target in a supply chain campaign that has now crossed from vulnerability scanners to CI/CD pipelines to LLM gateways to telecom SDKs in nine days. Here is everything we know, every IOC, and exactly what to do if you are affected.

Ready to try autonomous pentesting?

See how Revaizor can transform your security testing.

Request Early Access