Tag

Supply Chain Attack

Software supply chain attacks compromise the tools and dependencies organizations already trust, from vulnerability scanners and LLM gateways to telecom SDKs and HTTP clients. These articles cover the TeamPCP campaign that began with the Trivy compromise and cascaded through LiteLLM, Telnyx, and related ecosystems, alongside the parallel axios npm incident and the spring 2026 escalation into IDE extensions and self-spreading worms. Each piece focuses on concrete timelines, indicators of compromise, blast-radius assessment, and remediation steps security teams can execute immediately. The through-line is practical: when a trusted package or pipeline is poisoned, the question is not only which versions were malicious, but what a stolen token can actually reach next — and how continuous validation helps answer that before an attacker does.

5 articles

17 min read

TeamPCP's Spring 2026 Campaign: From a Stolen Token to GitHub's Source Code, Then a Self-Spreading Worm

In March, TeamPCP turned trusted security tools into weapons. It did not stop there. Across April, May, and June 2026 the campaign breached GitHub itself, poisoned a VS Code extension to steal AI assistant credentials, open-sourced its own worm, and spawned ecosystem-wide copycats. Here is the full timeline, the IOCs, and what to do now.

16 min read

Axios Supply Chain Attack Explained: npm's Most Popular HTTP Client Compromised with Cross-Platform RAT

On March 31, 2026, an attacker hijacked the lead axios maintainer's npm account and published two malicious versions — axios@1.14.1 and axios@0.30.4 — injecting a cross-platform remote access trojan via a fake dependency. Here is the full timeline, technical analysis, IOCs, and what to do if you are affected.

The TeamPCP Supply Chain Campaign: 9 Days, 5 Ecosystems, One Stolen Token — Complete Technical Timeline
21 min read

The TeamPCP Supply Chain Campaign: 9 Days, 5 Ecosystems, One Stolen Token — Complete Technical Timeline

The telnyx Python package was compromised on PyPI this morning. It is the fifth target in a supply chain campaign that has now crossed from vulnerability scanners to CI/CD pipelines to LLM gateways to telecom SDKs in nine days. Here is everything we know, every IOC, and exactly what to do if you are affected.

Ready to try autonomous pentesting?

See how Revaizor can transform your security testing.

Request Early Access