Jul 6, 2026

Podcast: Poisoned Pipelines: TeamPCP and the FBI Flash on Weaponized Dev Tools

In This Episode

A criminal crew with APT-grade patience is trojanizing the exact tools defenders rely on every day.

In this episode we cover:

  • FBI FLASH-20260702-01 (coordinated with CISA) exposes TeamPCP, a group compromising Trivy, KICS, LiteLLM, and the Telnyx SDK
  • Two new credential stealers in the wild: CanisterWorm and SANDCLOCK
  • “Mini Shai-Hulud”—a self-replicating worm spreading across npm and PyPI
  • npm account takeovers achieved through expired package recovery domains
  • Five concrete defenses to act on now, starting with a GitHub org search for “tpcp-docs”

If your org relies on open-source dev tooling in CI/CD, this one’s a must-listen.


Subscribe on Your Preferred Platform