Overview On June 5, 2026, 73 of Microsoft's GitHub repositories were batch-disabled within 105 seconds, triggered when a developer opened a contaminated project folder using VS Code. The attack originated from the Miasma worm, a self-replicating supply chain attack tool operated by TeamPCP. It shifted the attack entry point forward...
Tag: supply chain attack
AI Infrastructure LiteLLM Supply Chain Poisoning Alert
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain poisoning by the TeamPCP group on PyPI. It stole the publishing permission credentials by hacking into the security...

