The FBI has released a PSA about TeamPCP, a data extortion group blamed for what's been called the longest running streak of software supply-chain hacks ever. TeamPCP is responsible for a godawful number of popular code packages getting backdoored over the past six months. In the process they've compromised even more repos in a wormlike fashion, including a number of security tools like Trivy/Aqua Security, CheckMarx, and LiteLLM. TeamPCP also recently compromised GitHub, infecting at least 3,800 repositories with credential-stealing malware.