
The TeamPCP Supply Chain Cascade: How One Compromised Security Scanner Led to 3 Million Daily Downloads of Crypto-Stealing Malware
From Trivy to npm to LiteLLM — a five-day campaign that weaponized the tools developers trust most, targeting Solana validators, Ethereum wallets, and every secret in your CI/CD pipeline.

The Five-Day Kill Chain That Rewrote Supply Chain Threat Models

On March 19, 2026, a threat actor group called TeamPCP compromised Trivy, Aqua Security's vulnerability scanner. Five days later, they had poisoned the real LiteLLM package on PyPI — a library with three million daily downloads — turning it into a multi-stage credential stealer that specifically targeted cryptocurrency wallets, cloud credentials, and Kubernetes clusters.

This wasn't a typosquat. This wasn't a fake package. Every compromised artifact was the real thing, published through real accounts, distributed through real infrastructure. If you're running DeFi infrastructure, validator nodes, or AI-augm
Continue reading on Dev.to Python


