Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

News > Attacks & Threats > TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.
1 Apr 2026
Written by Gabi Gerber
Attacks & Threats

Featured

Hacking Topics, Security Operation Center

TeamPCP is weaponizing the fruits of its extensive supply chain attacks, using stolen credentials to access cloud and software-as-a-service (SaaS) environments.

The threat group this month compromised several open source software projects, starting with Trivy, an Aqua Security-maintained security scanner, and KICS, a Checkmarx-developed tool for static code analysis. More recently, TeamPCP actors hit LiteLLM, an open source Python library, and the PyPi package of Telnyx, which developers use for voice AI agents. More here

Similar Stories

Attacks & Threats

Agentic AI Isn't Risky; the Way Orgs Deploy It Is

AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap. More...
Microsoft Issues Out-of-Band SharePoint Patch

SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too we… More...
Google API Keys Remain Active After Deletion

A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the clo… More...
GitHub Confirms Breach, 4K Internal Repos Stolen

GitHub confirmed a data breach this week involving the theft of thousands of developer code repositories. One threat act… More...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has c… More...

Have your say

 

News Categories

Attacks & Threats

Agentic AI Isn't Risky; the Way Orgs Deploy It Is

AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap. More...

Four talks. One afternoon. Online.
Online: Open TAI Conference – June 9, 2026, 14:00–16:30 CEST

Four talks tracing the path from Principles to Practice in Trustworthy AI. More...
Microsoft Issues Out-of-Band SharePoint Patch

SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too we… More...

Leveraging CTI and Dark Web Monitoring in Geopolitical Chaos
Webinar: Leveraging CTI and Dark Web Monitoring in Geopolitical Chaos

Join our multi-language webinar on June 11, 2026 to hone your cybersecurity skills, expand your practical knowledge and … More...
Google API Keys Remain Active After Deletion

A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the clo… More...

Show more
image

Contact Us

Security Interest Group Switzerland
c/o Bridge Head AG
Sulzbergstrasse 34
5430 Wettingen
Switzerland

Quick Links

Terms
Contact Us
Privacy Policy
Newsletter

Follow Us

This website is powered by
ToucanTech