Miasma: Supply Chain Attack Targeting RedHat npm Packages
Detect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware.
Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations.
A new page-cache corruption vulnerability in the Dirty Frag family enables unprivileged local attackers to achieve root
Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.
Unpatched kernel flaw chain (CVE-2026-43284, CVE-2026-43500) enables root escalation on major Linux distributions.
After hackerbot-claw, another AI-powered campaign exploiting pull_request_target confirms the threat is here to stay. We trace the attacker back to three weeks before anyone noticed.
How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments
LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains.
Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:58–16:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions.
On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment.
Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections.
How attackers are leveraging compromised employee GitHub Personal Access Tokens to compromise cloud environments.