TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem
Socket ·
TeamPCP is escalating a coordinated campaign targeting security tools and open source developer infrastructure, and is now openly taking credit for multiple follow-on attacks across ecosystems. In recent Telegram posts, the group has claimed responsibility for expanding beyond the initial Trivy compromise, pointing to attacks on GitHub Actions, OpenVSX extensions, and now PyPI. The latest development includes attacks on Checkmarx' KICS scanner and OpenVSX extensions and a trojanized release of…
Soutenez Socket en consultant la ressource originale
Lire l'article originalVous aimez découvrir ces sources ?
Soutenez-moi sur Patreon
