Storyline

TeamPCP supply chain campaign expands with new PyPI compromise and ransomware ties

The TeamPCP supply chain campaign has broadened beyond the initial Checkmarx report, now including a PyPI compromise via Telnyx and a partnership with the Vect ransomware affiliate program. The campaign has entered a monetization phase with no new compromises detected in the past 48 hours.

Published 2026-03-24 18:21 UTCUpdated 2026-03-28 15:09 UTC

Current brief openSource links open

This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (1 domains)

1 top source shown

TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)

SANS Internet Storm Center (Handler's Diary) · News · isc.sans.edu · 2026-03-28 15:09 UTC

limited source diversity in top sources

View all evidence

Overview

Score total

1.24

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Recent updates confirm expansion of TeamPCP campaign scope and new attack vectors.
No new compromises in 48 hours suggest a shift to monetization, indicating active threat actor operations.
CISA KEV entry and published detection tools provide timely resources for defenders.

Why it matters

Supply chain compromises can lead to widespread impact across dependent software ecosystems.
Early detection and response tools help mitigate damage from ongoing campaigns.
Awareness of campaign evolution aids in prioritizing security audits and monitoring.

Continuity snapshot

Trend status: insufficient_history.
Continuity stage: emerging_confirmed.
Current status: open.
2 current source-linked posts are attached to this storyline.

All evidence

TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)

SANS Internet Storm Center (Handler's Diary) · isc.sans.edu · 2026-03-28 15:09 UTC

TamPCP scope is wider than the original Checkmarx report

blueteamsec · reddit.com · 2026-03-27 19:27 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

SANS Internet Storm Center (Handler's Diary) (1)
blueteamsec (1)

Top origin domains (this list)

isc.sans.edu (1)
reddit.com (1)