Security Check-in Quick Hits: Supply Chain Attacks Rage On, Major Breaches Confirmed, and Ransomware Disrupts Critical Infrastructure

For March 25, 2026

TeamPCP’s Supply Chain Assault Escalates – Trivy Compromise Leads to Backdoored LiteLLM

In one of the most alarming supply chain attacks of the year, the threat actor known as TeamPCP has struck again. After compromising Aqua’s Trivy (a widely used open-source vulnerability scanner) via its CI/CD pipeline earlier in March 2026, the group leveraged stolen credentials to poison the popular Python package LiteLLM. On March 24, malicious versions 1.82.7 and 1.82.8 were published to PyPI. These contained a sophisticated three-stage payload: a credential harvester, Kubernetes lateral movement tools, and a persistent backdoor.

LiteLLM, which serves as a unified proxy for over 100 LLM APIs and boasts nearly 100 million monthly downloads, is used by major organizations including Stripe, Netflix, and Google. The backdoor automatically exfiltrated secrets such as SSH keys, cloud credentials, .env files, Kubernetes configs, and shell history to attacker-controlled domains. It also attempted cluster-wide persistence by deploying privileged pods. The malicious versions were live for roughly three hours before PyPI quarantined them, but the damage window was wide open for anyone who installed during that period.

TeamPCP has openly bragged on X about exfiltrating 300 GB of compressed credentials and is now extorting multiple multi-billion-dollar companies. Their message: “TeamPCP is here to stay. Long live the supply chain.” This campaign underscores a terrifying new reality—security tools themselves are now high-value targets. Developers and organizations should immediately audit LiteLLM usage, rotate all exposed secrets, and adopt strict supply chain verification practices like signed packages and reproducible builds.

HackerOne Discloses Employee Data Breach Tied to Navia Benefits Hack

HackerOne, the world’s leading bug bounty platform, has confirmed a data breach impacting 287 of its employees. The incident traces back to a cyberattack on its U.S. benefits administrator, Navia Benefit Solutions. An unknown threat actor exploited a Broken Object Level Authorization (BOLA) vulnerability in Navia’s API between December 22, 2025, and January 15, 2026. This gave read-only access to sensitive personal and health information across Navia’s clients—totaling roughly 2.7 million individuals nationwide.

No financial data or claims details were taken, and there was no evidence of ransomware or data alteration. However, the exposed employee records (including health info) create a ripe target for follow-on phishing, identity theft, and social engineering attacks. HackerOne only learned of the full scope in early March 2026—weeks after Navia’s initial February notifications—sparking criticism over disclosure delays. The company has launched its own review of Navia’s security practices and is advising affected employees to monitor accounts, update passwords, enable multi-factor authentication, and use offered identity protection services.

Third-party vendor risks continue to plague even the most security-savvy organizations. This incident is a stark reminder to vet benefits providers rigorously and demand rapid incident notification clauses in contracts.

“Ghost” Campaign Weaponizes npm and GitHub Against Developers

A stealthy malware campaign dubbed “Ghost” is actively targeting developers through malicious npm packages and GitHub repositories. Seven packages published under the username “mikilanjillo” impersonate legitimate dev tools—trading bots, SDKs, performance optimizers, and more. Attackers first build trust with partially functional or benign code, then trigger a multi-stage infection during installation.

The trick is clever: packages display fake install logs and errors claiming missing write permissions to Node.js global directories, prompting users to enter their sudo/admin password. Once captured, a downloader fetches the final Remote Access Trojan (RAT) known as GhostLoader. The malware steals browser credentials, cryptocurrency wallets, SSH keys, cloud configs, and developer tokens—then exfiltrates everything via Telegram bots and Binance Smart Chain smart contracts. It even clears Terminal history to cover its tracks.

The campaign overlaps with AI-assisted workflows and GitHub Actions, making it especially dangerous in modern dev environments. With hundreds of stars on some repos and realistic install flows, it’s easy to fall victim. Immediate actions: avoid unverified npm packages, never enter sudo during package installs, scan your environment for the listed malicious packages, and rotate any potentially compromised credentials immediately.

Crunchyroll Confirms Data Breach After Support Ticket Access

Anime streaming giant Crunchyroll has officially confirmed a data breach involving customer support ticket information. The incident stems from unauthorized access to its Zendesk system via a compromised Okta single sign-on account belonging to a support agent at third-party vendor Telus Digital.

A hacker claimed on March 12, 2026, to have downloaded approximately 8 million support ticket records containing roughly 6.8 million unique email addresses, plus internal Slack messages. The stolen data reportedly covers tickets up to early 2025. Crunchyroll says its investigation (with external cybersecurity experts) is ongoing and has found no evidence of continued unauthorized access. The company has not yet detailed the exact scope publicly or issued specific user advisories beyond the confirmation.

This breach highlights the persistent danger of third-party support vendors and SSO misconfigurations. Users should remain vigilant for phishing attempts impersonating Crunchyroll support, monitor for unusual account activity, and enable all available security features on their streaming accounts.

Stay safe out there—supply chain attacks and third-party breaches are the new normal. Follow up on these stories as more details emerge, and prioritize least-privilege access and continuous monitoring in your own environments.