canisterworm

The 48-Hour Secrets Sprint: How Three Registries Were Swept in One Weekend

John Z Black Apr 23, 2026

Threat Intelligence #supply-chain #npm #pypi #teampcp #xinference #canisterworm #checkmarx-kics #secrets-theft #devsecops

A coordinated 48-hour sprint hit npm, PyPI, and Docker Hub, targeting developer secrets at scale. From infected AI libraries to a trojanized security scanner, the supply chain is moving faster than your detection.

TeamPCP's Criminal Empire Is Growing and Nobody Agrees Who's Running It

John Z Black Apr 5, 2026

Ransomware & Cybercrime #teampcp #canisterworm #supply-chain #ransomware #vect #shinyhunters #lapsus

TeamPCP has evolved from cloud extortion to a criminal franchise operation with a wiper targeting Iran, a ransomware partnership with 300K affiliates, and public feuds with other threat actors.

TeamPCP Is Not a Hacker Group Anymore. It's a Cloud Crime Platform.

John Z Black Mar 28, 2026

Ransomware & Cybercrime #teampcp #canisterworm #vect #ransomware #supply-chain #blockchain #icp #pypi #cloud-security

TeamPCP has graduated from opportunistic attacker to full-spectrum criminal platform -- with blockchain C2 that law enforcement can't seize and a live ransomware affiliate program that costs $250 to join.

CanisterWorm: How TeamPCP Hijacked Your Security Scanners and Built an Untakeable Botnet

John Z Black Mar 24, 2026

Threat Intelligence #supply-chain #teampcp #canisterworm #kubernetes #ci/cd #npm #trivy #kics #wiper

TeamPCP compromised Trivy and KICS CI/CD scanner tags, spread CanisterWorm to 47 npm packages, and deployed a Kubernetes wiper targeting Iranian timezones -- all controlled via blockchain C2 that can't be taken down.