BrianKrebs

@briankrebs@infosec.exchange

Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07
krebsonsecurity @ gmail .com
Linkedin: linkedin.com/in/bkrebs

The FBI has released a PSA about TeamPCP, a data extortion group blamed for what's been called the longest running streak of software supply-chain hacks ever. TeamPCP is responsible for a godawful number of popular code packages getting backdoored over the past six months. In the process they've compromised even more repos in a wormlike fashion, including a number of security tools like Trivy/Aqua Security, CheckMarx, and LiteLLM. TeamPCP also recently compromised GitHub, infecting at least 3,800 repositories with credential-stealing malware.

ic3.gov/CSA/2026/260702.pdf (PDF)

#teampcp

Really not looking forward to back-to-back thunderstorms AND the local yokels setting off their usual barrage of fireworks well into the night. Our German Shepherd barks her head off at thunder and fireworks, and the only way I can get her to stop is put her in the car and sit w/ her and listen to an audiobook or playlist loudly to drown out the booms. On the bright side, I'll probably finish an audiobook tonight, lol.