#TeamPCP

TeamPCP's $50K+ sale of ~4,000 GitHub repos: 'directionally consistent'

GitHub is investigating TeamPCP's $50K+ sale of ~4,000 internal repos. Count called 'directionally consistent' by GitHub; file list and the VS Code extension attack vector remain unverified.

PCPJack credential stealer chains 5 CVEs to worm through Docker, Kubernetes, Redis, and RayML

SentinelOne's PCPJack report broken down: initial access via Next.js and WordPress CVEs, lateral movement through Docker sockets, Kubernetes Secrets, Redis cron rewrite, and RayML job injection. IOCs and hardening steps included.

TeamPCP infected telnyx Python SDK with PyPI and stole API credentials with payload embedded in WAV audio

On March 27, 2026, telnyx Python SDK v4.87.1/4.87.2 was contaminated with PyPI. TeamPCP collects authentication information for OpenAI, Anthropic, AWS, and GCP by hiding payloads in WAV files. 742K downloads per month.