isc.sans.edu 4/27/2026, 3:31:26 PM · via preferred

TeamPCP resumes with npm worm, PyPI, Docker Hub breaches

Primary Source checkmarx.com

The 26-day pause in TeamPCP's supply chain activity ended with three concurrent compromises across npm, PyPI and Docker Hub between April 21 and 22. The Docker Hub compromise hit the official checkmarx/kics repository on April 22: malicious images overwrote existing tags and introduced a covert telemetry path. That same day, xinference PyPI releases carried a malicious payload and a TeamPCP marker.

A self-propagating npm worm, CanisterSprawl, was identified on April 21. Downstream impact followed when Bitwarden's Dependabot automation pulled the compromised checkmarx/kics image into the Bitwarden CLI pipeline, leading to npm package version 2026.4.0 being published. Bitwarden later replaced it with 2026.4.1 and stated that no end-user vault data was accessed.

Analysts describe cascading impact from one compromise to another via trusted automation and note that three Tier 1 outlets reported on these events, marking a return to active discovery after April’s monetisation phase. The update also highlights ongoing attribution ambiguities for xinference and stresses monitoring for further downstream effects through automation and cross‑ecosystem moves.

Article by CyberSIXT
