Vulnerability  ·  2026-07-06

FBI FLASH: TeamPCP Large-Scale Software Supply Chain Attacks Trojanize Developer/Security Tools (Trivy, KICS, LiteLLM, Telnyx SDK) — Includes Self-Propagating npm/PyPI Worms

VulnerabilityHigh impactGlobal
The FBI issued FLASH-20260702-01 (July 2, 2026) warning that TeamPCP — a threat group linked to 'The Com' — has, throughout 2026, trojanized updates to widely used developer and security tools, explicitly including LiteLLM (a widely deployed open-source LLM/AI gateway), to steal cloud credentials at scale. Sophos reported (July 2) that TeamPCP has since partnered with the Vect ransomware group in what researchers call an 'unprecedented industrialized' ransomware model, combining TeamPCP's credential-harvesting reach with Vect's ransomware deployment.
This directly targets the AI supply chain — LiteLLM is a widely-deployed AI gateway sitting in front of many production LLM deployments — and the self-propagating Mini Shai-Hulud/Miasma worms mean a single compromised package can cascade credential theft across the npm/PyPI ecosystem that most AI/ML tooling depends on, with the stolen cloud/K8s secrets enabling downstream ransomware deployment.
TeamPCP compromised trusted software distribution channels, injecting malicious code into legitimate package updates (including the LiteLLM AI gateway) to install credential-stealing malware (CanisterWorm, SANDCLOCK) and self-replicating supply-chain worms (Mini Shai-Hulud and its variant Miasma) that propagate across npm and PyPI, harvesting cloud tokens (AWS/GCP/Azure), SSH keys, and Kubernetes secrets from developer and AI-pipeline environments.
Developer/security tooling including LiteLLM (widely-used open-source LLM gateway), Trivy, KICS, Telnyx Python SDK, and any CI/CD pipeline consuming npm/PyPI packages
Pin all GitHub Actions workflows to verified commit hashes; rotate all CI/CD secrets and cloud credentials; enforce a minimum package-age threshold (7+ days) before adoption; audit npm/PyPI maintainer accounts; search repos for known IOCs (e.g. 'tpcp-docs', 'docs-tpcp'); see FBI FLASH-20260702-01.
FBI IC3 FLASH-20260702-01Threat-Modeling.com — FBI Warning: TeamPCPInfosecurity Magazine — Industrialized Cyber-Attacks After Ransomware Gang Partners With TeamPCP
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →