A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
A hacker group known as TeamPCP has been conducting a series of software supply chain attacks, significantly impacting open source code platforms like GitHub. This group has compromised thousands of code repositories, leading to a growing distrust in the software development ecosystem. Their tactics involve embedding malware in popular development tools, creating a cycle of exploitation that allows them to breach numerous organizations.
- ▪TeamPCP has carried out 20 waves of supply chain attacks in recent months.
- ▪The group claims to have accessed around 4,000 of GitHub's code repositories.
- ▪Their attacks have affected hundreds of organizations, including AI firm Anthropic and data contracting firm Mercor.
Opening excerpt (first ~120 words) tap to expand
Andy Greenberg Lily Hay NewmanSecurityMay 21, 2026 5:00 AMA Hacker Group Is Poisoning Open Source Code at an Unprecedented ScaleGitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.Photo-illustration: WIRED Staff; Getty ImagesCommentLoaderSave StorySave this storyCommentLoaderSave StorySave this storyA so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the cybersecurity world with its insidious threat of turning any innocent application into a dangerous foothold in a victim’s network.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at WIRED.
Discussion
0 commentsMore from WIRED
1.jpg&w=800)
