
Tag: open source compromise

2 articles


TeamPCP Exploits Open-Source Trust Model in Mass Software Compromise

TeamPCP has compromised more than 1,000 software packages in under four months, injecting malicious code into packages published on npm, PyPI, and GitHub and abusing the trust developers place in open-source supply chains. The affected packages account for roughly 500 million weekly downloads across those registries.

Analyst 207

PyPI Package elementary-data Compromised to Steal Developer Data

A malicious release of the elementary-data package on PyPI, which sees over 1.1 million monthly downloads, contained a backdoor that stole developer data. The widely used open-source tool for data observability in dbt pipelines was targeted by a campaign aimed at harvesting developer secrets.

Analyst 207