The FBI issued a FLASH alert on July 2, 2026, regarding the criminal group TeamPCP, which has compromised popular developer tools to steal cloud credentials. The group uses supply chain attacks, injecting malware into legitimate software packages like Trivy and KICS. This allows them to harvest sensitive data, including API keys and SSH tokens, from vulnerable environments.
TeamPCP is known for deploying various malware families that facilitate credential theft and self-propagation across software repositories. The FBI warns that any stolen credentials should be treated as permanently compromised and suggests that organizations enforce stringent security measures. It recommends rotating credentials, implementing multi-factor authentication, and securing CI/CD pipelines against unauthorized access.