Fixed Intel
CRITICAL THREAT ALERT|Threat Actor: TeamPCP
Aggregated Intel
Critical
VulnerabilitiesImpact: 92/10

TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)

This is the second update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 001 covered developments through March 26. This update covers developments from March 26-27, 2026.

FIFixed Intel Team||1 min read|4 Views

AI-Generated Summary

The TeamPCP supply chain campaign has escalated with the compromise of Telnyx's PyPI package, introduction of a Vect Ransomware mass affiliate program, and the first named victim claim. This is the second update to ongoing threat intelligence reporting covering developments between March 26-27, 2026. The campaign represents a sophisticated supply chain attack where security tooling has been weaponized against targets.

Threat Actor

TeamPCP

Affected Sectors

TechnologySoftware DevelopmentTelecommunicationsFinancial ServicesHealthcareAny organization using PyPI packages

Frameworks

NIST CSFISO27001NIST SP 800-161 (Supply Chain Risk Management)NCA-ECCCIS ControlsMITRE ATT&CK

Aggregated from SANS ISC

This article was automatically aggregated from an external source. Content may be summarized.

Read Original

Full Analysis

This is the second update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 001 covered developments through March 26. This update covers developments from March 26-27, 2026.

Source: SANS ISC

Original Source

SANS ISC