MEDIUM · Supply Chain
Global

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

Friday, April 3, 2026 at 03:11 PM UTC · Source: Dark Reading

Updated: Friday, April 3, 2026 at 09:52 PM UTC

Executive Summary

As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.

Source Attribution

Originally published by Dark Reading on Apr 3, 2026.

Related Threats

LOW · Supply Chain · NEW

6 ways attackers abuse AI services to hack your business

Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as living off the AI land. “We’re seeing it in things like poisoned MCP servers in the supply chain, attackers using legit

CVE-2025-32711, CVE-2026-25253
CSO Online

MEDIUM · Supply Chain

Mercor Breach Linked to LiteLLM Supply-Chain Attack

AI Dependency Attack Reportedly Exposes Data and Source Code

A LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm

Bank Info Security

MEDIUM · Supply Chain

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,

The Hacker News