TeamPCP Supply Chain Campaign: Update 001 ? Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)
This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon†(v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update co...
AI-Generated Summary
The TeamPCP supply chain campaign has expanded beyond initial reports, with Checkmarx scope found to be wider than previously disclosed, and a new CISA Known Exploited Vulnerabilities (KEV) entry added. The campaign, which began February 28 and culminated in the March 24 LiteLLM PyPI compromise, involves attackers weaponizing security scanning tools to infiltrate software supply chains. Detection tools are now available to help organizations identify potential compromises.
Threat Actor
TeamPCP
Affected Sectors
Frameworks
Aggregated from SANS ISC
This article was automatically aggregated from an external source. Content may be summarized.
Full Analysis
This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon†(v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication.
Source: SANS ISC
Original Source
SANS ISC