Concerned about TeamPCP? Confirm your exposure in 30 minutes
A Kodem Security engineer will work with you to determine whether your environment is impacted by the TeamPCP supply chain campaign in ~30 minutes.
You can check for packages. We can tell you if the payload ran.


In your 30-minute exposure assessment, you will:
How it Works
On the call:
1. A security engineer provides access to a Kodem tenant.
2. Connect your repository.
3. Validate what actually executed in runtime.
What we validate:
Execution of TeamPCP-related code paths.
Credential exposure (tokens, env, CI secrets).
Persistence or follow-on activity.
Runtime reachability and exploitability.
TeamPCP is a supply chain campaign, not a single CVE. The attack impacts trusted components across the development lifecycle, including:
Static analysis alone can’t confirm exposure; you need to know what actually ran.
Mini Shai-Hulud Strikes PyTorch Lightning and intercom-client: Inside the Cross-Ecosystem Supply Chain Attack
Mini Shai-Hulud compromised PyTorch Lightning (2.6.2, 2.6.3) and intercom-client (7.0.4). Affected versions, IOCs and response runbook.

The Shai-Hulud Worm Returns: New npm Supply Chain Attack Compromises SAP Packages
The Shai-Hulud worm targets SAP npm packages via preinstall scripts. See affected packages, IOCs, and detection guidance for this supply chain attack.

When the Supply Chain Becomes the Attack Surface: Inside the TeamPCP Campaign
In March 2026, a widely trusted security tool was turned into an attack vector. Trivy, an open-source vulnerability scanner used across CI/CD pipelines, was compromised and used to exfiltrate sensitive credentials from build environments.