The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
✦ NabkaNews BriefAuto-summarized from multiple outlets · verify with the source
A team known as TeamPCP has been involved in a recent wave of malicious activity, with reports indicating they have compromised accounts to publish malicious packages. The scope of the compromise is unclear, with one report suggesting over 300 malicious packages were published via a compromised maintainer account on npm. The incident appears to involve multiple platforms, including PyPi and possibly AntV, although details of the attacks are not fully consistent across reports.