TeamPCP and the Supply Chain: Defending Against the Next Generation of Supply Chain Malware

The software supply chain is no longer a theoretical risk, it is an active battleground. Recent threat actor TeamPCP have demonstrated how easily "trusted" third-party integrations and automated workflows can be weaponized to exfiltrate secrets and establish persistence within cloud environments. When your security scanners become the attack vector, traditional "shift-left" strategies aren't enough.

Wiz's research team will break down the mechanics of modern CI/CD hijacking. They'll deconstruct the TeamPCP attack lifecycle: from malicious "imposter" commits and tag hijacking to advanced exfiltration techniques like dumping runner memory and creating "dead-drop" repositories. Most importantly, we’ll focus on what you can do about it.

Learn how to secure your software supply chain, reduce risk across your CI/CD pipelines, and implement practical defenses that help you detect and prevent these types of attacks before they spread.