LOWSupply Chain
Global

TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)

·Source: SANS ISC

Updated:

Executive Summary

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report,&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xc2&#x3b;&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xa0&#x3b;"When the Security Scanner Became the Weapon"&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xc2&#x3b;&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xa0&#x3b;(v3.0, March 25, 2026).&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xc2&#x3b;&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xa0&

Analysis

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report,&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xc2&#x3b;&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xa0&#x3b;"When the Security Scanner Became the Weapon"&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xc2&#x3b;&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xa0&#x3b;(v3.0, March 25, 2026).&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xc2&#x3b;&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xa0&#x3b;Update 006&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xc2&#x3b;&&#x23&#x3b;x26&#x3b;&#x23&#x3b;xa0&#x3b;covered developments through April 3, including the CERT-EU European Commission breach disclosure, ShinyHunters&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b; confirmation of credential sharing, Sportradar breach details, and Mandiant&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s quantification of 1,000+ compromised SaaS environments. This update consolidates five days of intelligence from April 3 through April 8, 2026.
Source Attribution

Originally published by SANS ISC on Apr 8, 2026.

Related Threats

HIGHVulnerability

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Other noteworthy stories that might have slipped under the radar: ShinyHunters targets Rockstar Games, ShowDoc vulnerability exploited in the wild, and EPA to boost cybersecurity budget to $19 million. The post In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested appeared first on SecurityWeek .

SecurityWeek
MEDIUMSupply Chain

Mythos and the AI Vulnerability Storm: Exploring the Control Point

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/mythos-and-the-ai-vulnerability-storm" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/1-2025_Website-Assets/2025_blog_images/Blog-AI-Vulnerability-Storm.jpg" alt="Mythos and the AI Vulnerability Storm: Exploring the Control Point" class="hs-featured-image" style="width:auto !important;

Sonatype (Maven/npm)
MEDIUMSupply Chain

When AI Writes Code, Who Governs the Dependencies?

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/when-ai-writes-code-who-governs-the-dependencies" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_fed_ai.png" alt="Image with a hexagon shape at center with the letters AI and a web icon" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15

Sonatype (Maven/npm)