TeamPCP Is Ruining Open Source Code At An Alarming Rate
Nothing To Do With Us!
A large amount of the recent GitHub repo poisonings, Mercor breaches and even OpenAI employees are being carried out by a group known as TeamPCP. The hackers are purely motivated by money, they claim they do not hold onto account data, source code and their other ill gotten gains once they sell it to someone. That’s one way you can tell PCPer is not related to TeamPCP in any way, if we had that kind of money there would be obvious signs.
The recent infection of GitHub sites via VSCode is just one example, as security researchers have tied them to 20 “waves” of supply chain attacks that have hidden malware in more than 500 distinct pieces of software. They’ve even automated their attacks using a tool dubbed Mini Shai-Hulud which is a really nasty self-spreading worm. Once it steals a single set of credentials it spreads through a network and leverages any vulnerabilities it can.
Their actions are not new to anyone keeping an eye on computer security but the infection of open source code on platforms like GitHub we trust enough to allow autoupdates really does make it hard to make use of the open source code we all benefit from. This trust will be hard to rebuild even if the attacks from TeamPCP end.
“We are here today to advertise GitHub’s source code and internal orgs for sale,” TeamPCP wrote on BreachForums, a forum and marketplace for cybercriminals.
More Tech News From Around The Web
- Trend Micro warns of Apex One zero-day exploited in the wild @ Bleeping Computer
- Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw @ The Register
- Ubiquiti patches three max severity UniFi OS vulnerabilities @ Bleeping Computer
- IoT gadget maker AcuRite shares reasoning for killing customers’ favorite app @ Ars Technica
- Switchable skyrmions light up terahertz communications @ physicsworld
- Samsung Chip Workers To Get $340,000 Average Bonus In AI Boom @ Slashdot
- Waymo Pauses Atlanta Service As Its Robotaxis Keep Driving Into Floods @ Slashdot
- Gemini accused of 30,000-line code purge and fake recovery report @ The Register
- Equal1 Single Rack Quantum Computer at Dell Tech World 2026 @ ServeTheHome
