Verticals Targeted: Technology, Artificial Intelligence, Cloud, Software Development
Regions Targeted: US, Europe, Global
Related Threat Actors: TeamPCP
Related Families: Mini Shai-Hulud
Inside TeamPCP’s Supply Chain Offensive
May 18, 2026 1:56:30 PM / by The Hivemind posted in Threat Bulletin, Supply Chain Attack, CI/CD compromise, TeamPCP, Software Supply Chain Security, npm poisoning, GitHub Actions compromise, PyPI malware, AI infrastructure security
The Axios Breach: When npm Trust Becomes an APT Attack Vector
Apr 6, 2026 2:36:03 PM / by The Hivemind posted in Threat Bulletin, North Korean threat actors, UNC1069, CI/CD compromise, npm malware, supply chain attacks, Axios npm compromise, WAVESHAPER, DPRK cyber operations, RAT malware
Verticals Targeted: Software, Technology, Cloud, Enterprise IT environments
Regions Targeted: Global
Related Families: WAVESHAPER.V2
Executive Summary
A supply chain compromise of the widely used Axios npm package introduced a malicious dependency delivering cross-platform remote access trojans, now linked with high confidence to a North Korea–aligned threat cluster, UNC1069. The campaign leveraged maintainer account takeover, npm publishing abuse, and install-time execution to target developer environments and CI/CD pipelines during a short but high-risk exposure window.
Infect Once, Spread Everywhere: CanisterWorm and the Automation of Supply Chain Compromise
Mar 31, 2026 11:07:10 AM / by The Hivemind posted in Threat Bulletin, DevSecOps security, decentralized C2, ICP malware, CanisterWorm, CI/CD compromise, Kubernetes security, software supply chain attack, npm malware, TeamPCP, container security, token harvesting malware
Related Families: CanisterWorm