TeamPCP Malware Targets Multiple Code Platforms

TeamPCP, a sophisticated cyber threat group, has expanded its supply chain attack operations across three package ecosystems simultaneously. The group has infiltrated GitHub's internal codebase and compromised an official Microsoft Python SDK, distributing malware through these trusted channels. Additionally, TeamPCP has released its own malicious framework on GitHub, increasing its reach and operational capability. This campaign demonstrates how attackers target developers and organizations through supply chain vulnerabilities, potentially affecting thousands of downstream users who trust official repositories. Source: CyberSathi.in.
Original reporting by RSS: SANS ISC Diary. We only summarise, never republish.