TeamPCP Likely Behind Recent Supply Chain Attacks on Development Tools

The cyber threat actor TeamPCP is likely responsible for recent attacks targeting Trivy, Checkmarx’s KICS code scanner, VS Code plug-ins, and the LiteLLM AI library, indicating a widening supply chain campaign. The incidents suggest additional attacks are expected, though no specific timelines, technical indicators, or CVE IDs were disclosed. The affected tools include security scanning and development software, raising concerns about compromised dependencies in software supply chains. No details on the exact attack vectors, payloads, or impacted versions were provided. The focus appears to be on high-value open-source and commercial development tools. The report does not specify geographic or organizational targets.