HIGH Ransomware
Global

Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure

Tuesday, March 31, 2026 at 09:00 PM UTC · Source: Unit 42 (Palo Alto)

Updated: Thursday, April 2, 2026 at 05:46 PM UTC

Executive Summary

TeamPCP continues its string of supply chain attacks and announces a partnership with the Vect ransomware group.


Indicators of Compromise (1)

CVE (1)

CVE-2025-55182

Source Attribution

Originally published by Unit 42 (Palo Alto) on Mar 31, 2026.
