Kics

supply-chain 2026-04-02
TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect
TeamPCP poisoned Trivy, KICS, LiteLLM, and Telnyx across GitHub Actions and PyPI in March 2026, harvested ~300 GB of CI/CD secrets, breached Cisco and AstraZeneca, and has now partnered with Vect RaaS to convert stolen credentials into ransomware deployments.
supply-chain trivy kics litellm github-actions pypi ransomware teamPCP ci-cd kubernetes

TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect