TeamPCP and the supply chain attack campaign spread themselves through the open source ecosystem

Overview From April 21 to 22, 2026, the supply chain attack campaign attributed to the TeamPCP group (or UNC6780) unexpectedly reactivated after a 26-day hiatus. This outbreak didn't stop at a single