TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets

Infosecurity Magazine

Overview

TeamPCP, a group linked to the notorious Lapsus$ and Vect ransomware gangs, is reportedly investigating ways to profit from confidential information obtained through supply chain attacks. These attacks involve breaching a company's supply chain to steal sensitive data, which can then be sold or used for further cybercrimes. This shift towards monetizing stolen supply chain secrets raises serious concerns for organizations that rely on third-party vendors, as it exposes them to increased risks of data breaches and financial losses. The implications of such activities could be far-reaching, potentially impacting various industries that depend on secure supply chains. Companies should be vigilant about their supply chain security and consider enhancing their defenses against such exploitation.

Key Takeaways

  • Action Required: Companies should enhance supply chain security measures and conduct regular audits of third-party vendors.
  • Timeline: Newly disclosed

Original Article Summary

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs

Impact

Not specified

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Companies should enhance supply chain security measures and conduct regular audits of third-party vendors.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Exploit.

Related Coverage

What public money does to open-source projects

Help Net Security

Open-source software plays a crucial role in the infrastructure of many companies, with about 96 percent of codebases incorporating it. This reliance became evident with high-profile vulnerabilities like the log4j flaw in December 2021, which affected a wide range of applications, from social media platforms to gaming software. More recently, the xz utils backdoor discovered in 2024 has further emphasized the security risks associated with open-source projects. These incidents raise concerns about the stability and security of software that many organizations depend on but do not financially support. As open-source projects often rely on volunteer contributions, the need for dedicated funding and resources to maintain and secure these projects is becoming increasingly critical.

Jul 16, 2026

Ransom demands are down, email is the top way attackers get in

Help Net Security

A recent survey of 2,158 IT and security leaders reveals that email, particularly through phishing attacks, is the primary method for cyber attackers to gain access to networks. In many cases, employees unknowingly open malicious emails and provide their login credentials, allowing attackers to infiltrate deeper into the system. This chain of events often leads to ransomware incidents, where files become inaccessible. Notably, while ransom demands have decreased, the reliance on email as an attack vector remains significant, accounting for half of all reported incidents. This trend emphasizes the need for organizations to bolster their email security and educate employees about the risks of phishing.

Jul 16, 2026

Companies keep getting breached by vulnerabilities they already knew about

Help Net Security

A recent survey by Vicarius reveals a troubling trend in cybersecurity: many companies are getting breached by vulnerabilities they were already aware of. Despite advanced scanning tools that help identify weaknesses across systems, organizations struggle with the subsequent steps of fixing these vulnerabilities. The survey included responses from 300 IT and cybersecurity leaders in the U.S. and the U.K., highlighting a significant gap in the process of assigning, approving, deploying, and confirming fixes. This issue raises concerns about the effectiveness of current cybersecurity strategies and the potential risks to sensitive data. Organizations need to address these gaps to better protect themselves from breaches that could have been prevented.

Jul 16, 2026

GPT-Red beat human red teamers on a prompt injection test

Help Net Security

OpenAI's GPT-Red, an automated red-teaming model, has outperformed human red teamers in testing for prompt injection vulnerabilities. The model operates similarly to a human attacker, sending prompts to a GPT model and analyzing the responses to identify weaknesses. Through a process called self-play reinforcement learning, GPT-Red learns alongside various defensive models to improve its effectiveness in finding and exploiting vulnerabilities. This development raises concerns about the capabilities of AI in cybersecurity, as it can potentially identify and exploit weaknesses faster than human teams can respond. As AI continues to advance, organizations may need to enhance their defenses against such automated threats.

Jul 16, 2026

Finance phishing works because it sounds boringly normal

Help Net Security

Phishing attacks targeting finance departments are becoming increasingly sophisticated and effective. According to research from Cofense, attackers are crafting phishing emails that mimic legitimate business communications, making them harder to detect. These emails often bypass advanced email security tools, such as AI-based secure email gateways, because they lack the typical urgency cues that would raise alarms. This tactic poses a significant risk to organizations in the financial sector, as employees might unknowingly engage with these deceptive messages, potentially leading to data breaches or financial loss. Companies need to enhance employee training and awareness to combat these subtle phishing efforts.

Jul 16, 2026

Dutch police bust investment fraud ring stealing over €100 million

BleepingComputer

Dutch police have arrested several individuals connected to an international investment fraud scheme that has reportedly defrauded over €100 million from tens of thousands of victims. The suspects are believed to have lured investors with promises of high returns, often targeting individuals through online platforms. This crackdown is part of a larger effort to combat financial fraud, which has been on the rise, particularly with the increase in online investment opportunities. The police are now investigating the full extent of the operation and are urging anyone who thinks they might have been a victim to come forward. The implications of this fraud ring are significant, as it not only affects individual investors but also undermines trust in legitimate investment practices.

Jul 15, 2026