🚨 TeamPCP is systematically targeting security tools across the #OSS ecosystem, turning scanners and CI pipelines into infostealers. Attacks spreading fast across GitHub Actions, Open VSX, and PyPI.
“These companies were built to protect your supply chains yet they can't even protect their own, the state of modern security research is a joke, as a result we're gonna be around for a long time stealing terabytes of trade secrets with our new partners.”
Details → https://socket.dev/blog/teampcp-targeting-security-tools-across-oss-ecosystem

