Ransomware Groups Are Building Supply Chain Empires and Ditching Encryption
The ransomware industry has restructured itself around supply chain dominance. Groups no longer waste time brute-forcing single targets through exposed RDP ports. They compromise managed service providers, hijack trusted developer tools, and poison widely used open-source packages to reach thousands of victims through a single intrusion. In parallel, a growing number of operators have dropped encryption entirely, relying on data theft and extortion alone. The economics favor data theft and extortion over complex encryption deployments when the same financial outcomes can be achieved more efficiently.
March 2026 saw multiple major software supply chain attacks, including compromises of security tools and developer infrastructure. The TeamPCP campaigns against Trivy, Checkmarx, and LiteLLM demonstrated how a single retained credential can cascade across multiple ecosystems. In a separate nation-state incident, Sapphire Sleet compromised the Axios npm package. These aren't isolated incidents. They represent the new standard operating model.
The MSP Goldmine: Why One Target Equals a Thousand Victims
MSPs remain the single most efficient entry point for mass-scale ransomware operations. As Group-IB's High-Tech Crime Trends Report 2026 puts it: "MSPs are high-value targets because each one is a gateway to more victims" [1]. Huntress frames it even more bluntly: "Why hack one company when you can hack the company that manages a thousand others?" [7].
The numbers back this up. Guardz's threat intelligence team found that 9 out of 10 SMBs served by MSPs have compromised users, and the team predicts MSP supply chain attacks will intensify in the second half of 2026 [3]. Ransomware incidents tracked across MSP-managed environments surged 190% [3]. Session hijacking rose 23% [3]. Business email compromise losses now range from $140,000 to $1.5 million per incident, up from roughly $40,000 in early 2025 [3].
Criminal Supply Chain Attacks: TeamPCP's Campaign Against Security Tools
The most alarming development in March 2026 was the systematic targeting of security and developer tools by criminal groups. A threat group tracked as TeamPCP has been active since at least September 2025 [8] and has deliberately compromised the tools that developers and security teams trust most: vulnerability scanners, password managers, and CI/CD infrastructure [4].
The attack sequence started on March 19, 2026, when TeamPCP exploited an incomplete credential rotation in Aqua Security's Trivy scanner [8]. Two days later, on March 21, they used stolen GitHub Personal Access Tokens to target Checkmarx's KICS static analysis tool [8]. TeamPCP compromised the aqua-bot service account and force-pushed malicious code to 76 of 77 version tags in the repository [8]. The incident was severe enough to warrant CVE-2026-33634 [8].
Checkmarx confirmed on March 23, 2026 that it was targeted through a supply chain incident affecting two specific plugins distributed via the Open VSX marketplace and GitHub Actions workflows [9]. The attackers set up a typosquat domain, checkmarx.zone, for credential exfiltration [9]. TeamPCP's stealer payload created hidden repositories named docs-tpcp using victims' GITHUB_TOKEN credentials and established persistence by polling checkmarx.zone/raw every 50 minutes for additional payloads [10].
TeamPCP has partnered with ransomware and extortion groups including Vect and Lapsus$ [4]. After their success, TeamPCP publicly boasted they intend to "pull off even bigger supply chain operations" [4].
Nation-State Supply Chain Attacks: Sapphire Sleet and Axios
In a separate incident demonstrating nation-state interest in supply chain attacks, on March 31, 2026, two malicious versions of the Axios npm package (versions 1.14.1 and 0.30.4) were published [5]. Microsoft Threat Intelligence attributed the compromise to Sapphire Sleet, a North Korean state-sponsored actor [5]. The malicious packages injected a fake dependency called plain-crypto-js and connected to a Sapphire Sleet-controlled domain to retrieve a second-stage remote access trojan [5]. Windows, macOS, and Linux systems were all targeted with platform-specific payloads [5].
The LiteLLM compromise, also uncovered in March 2026, affected an AI infrastructure library with 3.4 million downloads per day [6]. The impacted package versions were only available for about three hours before quarantine, but at that download velocity, the blast radius was substantial [6]. Zscaler's ThreatLabz attributed this and several other recent supply chain attacks to TeamPCP [6].
The convergence of state actors and criminal groups around supply chain targeting is significant. Supply chain compromise has become industrialized and adopted broadly by ransomware groups, access brokers, and state-aligned actors alike [1].
The Encryption-Free Pivot: Extortion Without Ransomware
A fundamental tactical shift is reshaping the ransomware business model. Multiple groups now skip encryption entirely. They steal data, threaten to publish it, and demand payment. No file encryption, no decryption keys, no operational disruption beyond the breach itself.
Several factors drive this transition:
Speed. Encrypting an entire enterprise environment takes time and creates noise. Exfiltrating targeted data is faster and harder to detect. AI-powered tooling has compressed attack timelines from weeks to hours [1], and the median dwell time has dropped from 9 days to 5 days [2]. Skipping encryption shaves additional time off the operation.
Stealth. Encryption triggers endpoint detection tools. Mass file modification is one of the most reliable behavioral indicators for EDR platforms. Data exfiltration through legitimate cloud storage or encrypted channels is far harder to distinguish from normal business traffic.
Simplicity. Encryption payloads require development, testing, and maintenance across different OS versions and file systems. Pure exfiltration uses standard tools already present in most environments.
Leverage. Regulatory pressure, GDPR fines, HIPAA penalties, and reputational damage from data exposure often create more urgency for victims than encrypted files. Many organizations can restore from backups, but they can't un-leak stolen records.
Mandiant's M-Trends 2026 report found that 29% of breaches now involve third-party compromises [2], and the mean time to exploit vulnerabilities has dropped to negative 7 days, meaning exploitation routinely occurs before patches are released [2]. The economics favor speed and data theft over the complexity of deploying encryption payloads.
RMM Tool Abuse: Turning Defense Into Offense
Remote Monitoring and Management tools represent the most abused attack vector in MSP environments. RMM tool abuse accounted for 26% of all endpoint threat detections in MSP-managed environments, making it the single largest endpoint threat campaign [3]. Tools like ScreenConnect, AteraAgent, and MeshAgent are being deployed by attackers for unauthorized persistent access [3].
These tools are inherently trusted in MSP environments. They run with elevated privileges, have broad network access, and are often whitelisted by security products. Attackers don't need to bring their own tooling when the victim's infrastructure provides everything they need.
IOC Table
| Type | Value | Context | Source |
|---|---|---|---|
| Domain | checkmarx.zone | Typosquat domain used for credential exfiltration by TeamPCP | [8] [9] |
| IP | 83.142.209.11 | C2 IP for checkmarx.zone (port 443) | [10] |
| Filename | kamikaze.sh | Malicious script in TeamPCP cloud stealer payload | [8] |
| Filename | docs-tpcp | Hidden repository created for backup exfiltration | [8] [10] |
| Filename | tpcp.tar.gz | Archive used for encrypted data exfiltration | [8] |
| Filename | setup.sh | Stealer payload script | [10] |
| Malware | plain-crypto-js | Fake npm dependency injected by Sapphire Sleet in Axios packages | [5] |
| CVE | CVE-2026-33634 | TeamPCP Trivy supply chain compromise | [8] |
| Malware | Qilin | RaaS operation with over 1,000 attacks | [7] |
| Malware | Akira | Ransomware group, approximately $42 million in ransom collected | [7] |
| Malware | ScreenConnect | RMM tool abused for unauthorized access | [3] |
| Malware | AteraAgent | RMM tool abused for unauthorized access | [3] |
| Malware | MeshAgent | RMM tool abused for unauthorized access | [3] |
MITRE ATT&CK Techniques
| ID | Name | Relevance |
|---|---|---|
| T1552 | Unsecured Credentials | TeamPCP exploited incomplete credential rotation to steal GitHub PATs [8] |
| T1195.002 | Supply Chain Compromise: Compromise Software Supply Chain | Poisoning of Trivy, KICS, Axios, LiteLLM packages [5] [6] [8] |
| T1219 | Remote Access Software | Abuse of ScreenConnect, AteraAgent, MeshAgent for persistence [3] |
| T1078 | Valid Accounts | Stolen OAuth tokens and credentials used as initial access [1] |
| T1059.004 | Command and Scripting Interpreter: Unix Shell | kamikaze.sh and setup.sh used in TeamPCP operations [8] [10] |
| T1567 | Exfiltration Over Web Service | Data exfiltrated via attacker-created GitHub repos and C2 domains [10] |
| T1071.001 | Application Layer Protocol: Web Protocols | Persistence polling checkmarx.zone/raw over HTTPS every 50 minutes [10] |
| T1199 | Trusted Relationship | MSP and third-party vendor access abused for downstream targeting [1] [7] |
Detection and Hunting
GitHub and CI/CD Monitoring:
Hunt for unexpected force-push events on protected branches, especially across multiple version tags. TeamPCP force-pushed to 76 of 77 version tags in a single operation [8]. Monitor for repository creations matching the docs-tpcp naming pattern using GITHUB_TOKEN [10]. Alert on any outbound connections from CI runners to checkmarx.zone or 83.142.209.11:443 [10].
NPM/Package Manager Auditing:
Pin dependencies and audit for unexpected version changes. The compromised Axios versions (1.14.1 and 0.30.4) introduced plain-crypto-js as a new dependency [5]. Any npm package suddenly adding unfamiliar dependencies warrants immediate investigation.
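The lockfile audit described above, as an added example that is not part of the original report: it diffs a baseline npm package-lock.json against the current one and flags newly added packages, changed versions, and any package/version pair on a known-bad list. The two lockfiles are constructed sample data; the known-bad list uses only the indicators the report names (Axios 1.14.1 and 0.30.4, plain-crypto-js).

```python
"""Audit an npm package-lock.json (lockfile v2/v3 layout) for unexpected dependency changes."""
import json

# Indicators named in the report. A version set of None means every version
# of that package is suspicious (it should never appear at all).
KNOWN_BAD = {
    "axios": {"1.14.1", "0.30.4"},
    "plain-crypto-js": None,
}

# Constructed sample lockfiles. Real files come from `npm install --package-lock-only`;
# in lockfileVersion 3 every installed package is keyed by "node_modules/<name>".
BASELINE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.13.0"}},
        "node_modules/axios": {"version": "1.13.2"},
        "node_modules/follow-redirects": {"version": "1.15.9"},
    },
})
CURRENT_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.13.0"}},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/follow-redirects": {"version": "1.15.9"},
        "node_modules/plain-crypto-js": {"version": "1.0.0"},
    },
})


def installed_packages(lock_text):
    """Return {package_name: version} for every installed package in a lockfile."""
    lock = json.loads(lock_text)
    result = {}
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # Nested installs look like node_modules/a/node_modules/b; keep the leaf name.
        name = path.rsplit("node_modules/", 1)[-1]
        result[name] = meta.get("version")
    return result


def audit_lockfile(baseline_text, current_text, known_bad=KNOWN_BAD):
    """Diff two lockfiles; return (finding_type, package, detail) tuples, sorted by package."""
    before = installed_packages(baseline_text)
    after = installed_packages(current_text)
    findings = []
    for name, version in sorted(after.items()):
        if name not in before:
            findings.append(("new_dependency", name, version))
        elif before[name] != version:
            findings.append(("version_changed", name, f"{before[name]} -> {version}"))
        if name in known_bad:
            bad_versions = known_bad[name]
            if bad_versions is None or version in bad_versions:
                findings.append(("known_bad", name, version))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit_lockfile(BASELINE_LOCK, CURRENT_LOCK):
        print(f"{kind:16} {name:20} {detail}")
```

Run it in CI against the lockfile committed on the last known-good build; any `new_dependency` or `known_bad` finding should fail the pipeline rather than just log.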
RMM Tool Detection:
Baseline which RMM tools are authorized in your environment. Alert on installation or execution of ScreenConnect, AteraAgent, or MeshAgent on endpoints where they aren't sanctioned [3]. Query:
process_name IN ('ScreenConnect.ClientService.exe', 'AteraAgent.exe', 'MeshAgent.exe') AND NOT host IN (authorized_rmm_hosts) AND (process_commandline CONTAINS 'relay' OR parent_process != 'services.exe')
OAuth and Token Anomalies:
Monitor for bulk OAuth token usage from new IP ranges. Compromised OAuth tokens affected 700+ organizations [1]. Unusual token refresh patterns or token use from atypical geolocations are strong indicators.
Data Exfiltration Indicators:
Watch for unusual archive creation (.tar.gz files in CI/CD contexts) and outbound transfers to newly registered domains. TeamPCP used tpcp.tar.gz for encrypted exfiltration [8].
Analysis
The ransomware ecosystem has bifurcated into two complementary models. Traditional ransomware operators like Qilin (over 1,000 attacks) and Akira ($42 million collected) still encrypt and extort [7]. But a growing segment of the market focuses exclusively on supply chain compromise and data-theft extortion, avoiding encryption entirely.
TeamPCP represents a new archetype: a supply chain specialist that partners with established ransomware brands (Lapsus$, Vect) rather than operating its own encryption infrastructure [4]. This division of labor mirrors legitimate software industry specialization. One group handles initial access and credential harvesting. Another handles the extortion. The victim experiences the same outcome.
The targeting of security tools is particularly corrosive. When vulnerability scanners and static analysis tools become attack vectors, defenders face a fundamental trust problem. Every security tool in the CI/CD pipeline becomes a potential entry point. Group-IB's assessment that identity will overtake malware as the dominant intrusion mechanism [1] aligns with what we're seeing: TeamPCP's entire operation revolves around stolen credentials, not malware deployment.
AI acceleration compounds these risks. With 80% of ransomware attacks incorporating AI tools for reconnaissance, payload customization, and evasion [2], and exploitation occurring before patches are even available [2], the defender's window for response continues to shrink.
Red Sheep Assessment
Confidence: High
The supply chain attack model has crossed a structural threshold. It's no longer a technique used by elite groups on occasion. It's the default approach for any competent ransomware operation seeking scale. The TeamPCP campaigns demonstrate that even security-focused organizations with dedicated AppSec teams (Checkmarx, Aqua Security) can be compromised through credential management failures [8] [9].
The encryption-free trend will likely accelerate through 2026 and into 2027. The regulatory environment, particularly in healthcare, finance, and the EU, creates stronger extortion pressure from data exposure than from operational disruption. Groups recognize that a data breach notification obligation is a more reliable payment motivator than encrypted files that might be recoverable from backups.
The partnership model between supply chain specialists (TeamPCP) and established ransomware brands (Lapsus$, Vect) suggests increasing professionalization and fragmentation. Expect to see more "access-as-a-service" operations where supply chain groups sell downstream access to multiple ransomware operators simultaneously, maximizing the monetization of each compromised vendor.
Group-IB's warning is accurate and worth repeating directly: "If your MSP becomes compromised, you are not collateral damage. You are the product" [1]. Organizations that treat third-party risk as a compliance checkbox rather than an operational priority are the most likely victims of the next wave.
Defender's Checklist
- [ ] Audit all RMM tools in your environment. Create an authorized inventory and deploy detection rules for ScreenConnect, AteraAgent, and MeshAgent on unauthorized endpoints. Specifically query for: process_name IN ('ScreenConnect.ClientService.exe', 'AteraAgent.exe', 'MeshAgent.exe') AND (process_commandline CONTAINS 'relay' OR parent_process != 'services.exe' OR network_connection_port NOT IN (443, 8040, 8041)). RMM abuse accounts for 26% of endpoint detections in MSP environments [3].
- [ ] Implement dependency pinning and integrity verification for all npm, PyPI, and container image dependencies. Specifically check for Axios versions 1.14.1 and 0.30.4, and audit for the plain-crypto-js dependency [5]. Use npm audit signatures or cosign for container verification.
- [ ] Hunt for TeamPCP indicators in CI/CD logs. Search for connections to checkmarx.zone or 83.142.209.11:443, force-push events across multiple tags, and repositories named docs-tpcp [8] [10]. Query GitHub audit logs with action:git.push AND (ref_type:tag AND updated_refs > 10) for mass tag updates.
- [ ] Rotate all GitHub PATs, OAuth tokens, and service account credentials connected to security tooling (Trivy, KICS, Checkmarx). Verify credential rotation was complete by checking for any tokens created before March 19, 2026 that still have access. TeamPCP's initial access came through incomplete rotation [8].
- [ ] Demand supply chain security attestations from your MSP. Request their incident response plan, RMM hardening configuration, evidence of MFA enforcement on all administrative accounts, and SLSA provenance for any custom tools. Your MSP's security posture is your security posture [1].
References
- Group-IB: Six Supply Chain Attack Groups to Watch Out for in 2026
- JazzCyberShield: Cybersecurity Threats 2026: Ransomware, AI Attacks & Defense
- Guardz Report: 9 Out Of 10 SMBs Have Compromised Users
- The Register: Ongoing supply-chain attack targets security, dev tools
- Microsoft Security Blog: Mitigating the Axios npm supply chain compromise
- Zscaler ThreatLabz: Supply Chain Attacks Surge in March 2026
- Huntress: Ransomware Trends 2026: What's Changing
- Unit 42: Weaponizing the Protectors: TeamPCP's Multi-Stage Supply Chain Attack
- Checkmarx Security Update: March 23
- The Hacker News: TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Event Timeline: [interactive timeline not reproduced in this text version]
Entity Relationships: Entity Graph (13 entities, 8 relationships) [interactive graph not reproduced]
Diamond Model: [interactive diagram not reproduced]
Hunt Guide: Hunt Report: TeamPCP Supply Chain Campaign and Ransomware Evolution
Hypothesis: If TeamPCP or affiliated ransomware groups are active in our environment, we expect to observe unauthorized GitHub force-push events, connections to checkmarx.zone infrastructure, RMM tool abuse patterns, and data exfiltration without encryption in Sysmon process creation, network proxy logs, and GitHub audit logs.
Intelligence Summary: TeamPCP has compromised multiple security tools (Trivy, Checkmarx, LiteLLM) through stolen credentials and incomplete credential rotation, partnering with ransomware groups like Lapsus$ and Vect. Concurrently, ransomware operators are pivoting to data-theft extortion without encryption, exploiting MSP relationships and RMM tools for mass-scale campaigns.
Confidence: High | Priority: Critical
Scope
- Networks: All development environments with GitHub integration, MSP-managed networks, and systems with RMM tools installed
- Timeframe: Initial: March 1, 2026 - present; Expanded: January 1, 2026 - present for credential rotation verification
- Priority Systems: GitHub Enterprise servers, CI/CD runners, package repositories, MSP jump boxes, development workstations with GitHub PATs
MITRE ATT&CK Techniques
T1195.002 — Supply Chain Compromise: Compromise Software Supply Chain (Initial Access) [P1]
TeamPCP poisoned Trivy, KICS, and other developer tools by force-pushing malicious code to multiple version tags using stolen GitHub PATs
Splunk SPL:
index=github_audit action="git.push" ref_type="tag" | stats count by actor, repository | where count > 10 | eval suspicious=if(count > 50, "HIGH", "MEDIUM")
Elastic KQL:
github.action:"git.push" AND github.ref_type:"tag" | stats count by github.actor, github.repository | where count > 10
Sigma Rule:
title: Mass Tag Updates in Version Control
id: 8a9b5f4e-2c7d-4a1e-9f3b-5e8d7c6a9b2f
description: Detects mass force-push events to multiple tags indicating potential supply chain compromise
author: RedSheep Security/Stone
status: experimental
references:
  - Internal research
logsource:
  product: github
  service: audit
detection:
  selection:
    action: 'git.push'
    ref_type: 'tag'
  timeframe: 10m
  condition: selection | count(repository) by actor > 10
falsepositives:
  - Legitimate release automation
level: high
tags:
  - attack.initial_access
  - attack.t1195.002
Baseline normal release patterns per repository. TeamPCP pushed to 76/77 tags in one operation.
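The same hunt as plain code, covering both the "force-push across many tags" and "docs-tpcp repository creation" checks from the Detection and Hunting section above. This is an added example, not code from the report or from GitHub: it reads audit-log events as JSON lines, counts git.push tag events per actor inside a sliding 10-minute window (the Sigma rule's timeframe and threshold), and separately lists repo.create events whose name contains docs-tpcp. The events are constructed sample data; the "action", "actor", "repo" and "@timestamp" fields match GitHub's audit log stream, while the "ref_type" field name is an assumption.

```python
"""Hunt GitHub audit-log JSON lines for mass tag pushes and docs-tpcp repository creation."""
import json
from collections import defaultdict

WINDOW_MS = 10 * 60 * 1000   # Sigma rule timeframe: 10m
THRESHOLD = 10               # Sigma rule: count(repository) by actor > 10


def _event(actor, ts_ms, ref_type="tag", action="git.push", repo="victim-org/scanner"):
    """Build one constructed audit-log line (field names modelled on GitHub's stream)."""
    return json.dumps({"action": action, "actor": actor, "repo": repo,
                       "ref_type": ref_type, "@timestamp": ts_ms})


BASE = 1_774_000_000_000  # constructed epoch-millisecond base
# Constructed sample: 12 tag pushes by a CI identity inside three minutes (suspicious),
# 3 tag pushes by a developer spread over an hour (normal), 20 branch pushes (ignored),
# and one repository creation with the docs-tpcp name.
SAMPLE_LOG = "\n".join(
    [_event("ci-bot", BASE + i * 15_000) for i in range(12)]
    + [_event("alice", BASE + i * 20 * 60_000) for i in range(3)]
    + [_event("alice", BASE + i * 1_000, ref_type="branch") for i in range(20)]
    + [_event("ci-bot", BASE + 500, action="repo.create", repo="victim-org/docs-tpcp")]
)


def load_events(text):
    """Parse JSON-lines audit log text into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def mass_tag_pushers(text, window_ms=WINDOW_MS, threshold=THRESHOLD):
    """Return {actor: peak tag pushes in any window} for actors whose peak exceeds threshold."""
    by_actor = defaultdict(list)
    for ev in load_events(text):
        if ev.get("action") == "git.push" and ev.get("ref_type") == "tag":
            by_actor[ev["actor"]].append(int(ev["@timestamp"]))
    hits = {}
    for actor, stamps in by_actor.items():
        stamps.sort()
        start, peak = 0, 0
        # Sliding window: advance `start` until the window spans at most window_ms.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_ms:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            hits[actor] = peak
    return hits


def suspicious_repo_creations(text, pattern="docs-tpcp"):
    """Return (actor, repo) for every repo.create event whose name contains pattern."""
    return [(ev["actor"], ev["repo"]) for ev in load_events(text)
            if ev.get("action") == "repo.create" and pattern in ev.get("repo", "")]


if __name__ == "__main__":
    print("mass tag pushers:", mass_tag_pushers(SAMPLE_LOG))
    print("docs-tpcp repos:", suspicious_repo_creations(SAMPLE_LOG))
```

The threshold should be tuned per organisation against the normal release pattern; a monorepo that cuts many tags per release will need an allow-list of release identities rather than a higher global threshold.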
T1552.004 — Unsecured Credentials: Private Keys (Credential Access) [P1]
TeamPCP exploited incomplete credential rotation to steal GitHub Personal Access Tokens and service account credentials
Splunk SPL:
index=github_audit action="oauth_access.create" OR action="personal_access_token.create" | eval token_age=now()-_time | where token_age > 7776000 | stats count by actor, oauth_application_id
Elastic KQL:
github.action:("oauth_access.create" OR "personal_access_token.create") AND @timestamp:[now-90d TO now-89d]
Sigma Rule:
title: Old GitHub Token Still Active
id: 3f8e9a2c-7b5d-4e1a-8c9f-2a7e5d8b3c4f
description: Detects GitHub tokens created before security incidents that remain active
author: RedSheep Security/Stone
status: experimental
references:
  - Internal research
logsource:
  product: github
  service: audit
detection:
  selection:
    action|contains:
      - 'oauth_access.create'
      - 'personal_access_token.create'
  filter:
    created_at: '<2026-03-19'
  condition: selection and not filter
fields:
  - actor
  - oauth_application_id
  - created_at
falsepositives:
  - Long-lived automation tokens
level: high
tags:
  - attack.credential_access
  - attack.t1552.004
Focus on tokens created before March 19, 2026 that still have repository write access
T1219 — Remote Access Software (Command and Control) [P2]
Threat actors abuse legitimate RMM tools (ScreenConnect, AteraAgent, MeshAgent) for persistent access, accounting for 26% of endpoint detections in MSP environments
Splunk SPL:
index=windows sourcetype=sysmon EventCode=1 (Image="*\\ScreenConnect.ClientService.exe" OR Image="*\\AteraAgent.exe" OR Image="*\\MeshAgent.exe") AND (CommandLine="*relay*" OR ParentImage!="*\\services.exe") | stats count by ComputerName, Image, CommandLine | where count > 0
Elastic KQL:
event.code:1 AND (process.executable:(*ScreenConnect.ClientService.exe OR *AteraAgent.exe OR *MeshAgent.exe)) AND (process.command_line:*relay* OR NOT process.parent.executable:*services.exe)
Sigma Rule:
title: Unauthorized RMM Tool Execution
id: 5d7e8a3b-9f2c-4b7a-8e1d-3c5f7a9b2e4d
description: Detects execution of RMM tools commonly abused by ransomware groups
author: RedSheep Security/Stone
status: experimental
references:
  - Internal research
logsource:
  product: windows
  category: process_creation
detection:
  selection_process:
    Image|endswith:
      - '\ScreenConnect.ClientService.exe'
      - '\AteraAgent.exe'
      - '\MeshAgent.exe'
  selection_relay:
    CommandLine|contains: 'relay'
  filter_services_parent:
    ParentImage|endswith: '\services.exe'
  # Sigma has no "|not" modifier; the "parent is not services.exe" branch is
  # expressed as a negated filter in the condition instead.
  condition: selection_process and (selection_relay or not filter_services_parent)
falsepositives:
  - Legitimate IT support activity
level: high
tags:
  - attack.command_and_control
  - attack.t1219
Cross-reference with authorized RMM deployment list. Alert on any instance not approved by IT.
T1059.004 — Command and Scripting Interpreter: Unix Shell (Execution) [P1]
TeamPCP deployed kamikaze.sh and setup.sh scripts for credential harvesting and data exfiltration
Splunk SPL:
index=linux sourcetype=sysmon EventID=1 (Image="*/bash" OR Image="*/sh") (CommandLine="*kamikaze.sh*" OR CommandLine="*setup.sh*" OR CommandLine="*docs-tpcp*") | stats count by host, CommandLine, User
Elastic KQL:
event.dataset:"process" AND (process.name:(bash OR sh)) AND process.args:(kamikaze.sh OR setup.sh OR docs-tpcp)
Sigma Rule:
title: TeamPCP Shell Script Execution
id: 7a4e5d8b-3c9f-4a2e-8b1d-5f7c9a2b3e8d
description: Detects execution of known TeamPCP credential stealer scripts
author: RedSheep Security/Stone
status: experimental
references:
  - Internal research
logsource:
  product: linux
  category: process_creation
detection:
  selection:
    Image|endswith:
      - '/bash'
      - '/sh'
    CommandLine|contains:
      - 'kamikaze.sh'
      - 'setup.sh'
      - 'tpcp.tar.gz'
  condition: selection
falsepositives:
  - Unlikely
level: critical
tags:
  - attack.execution
  - attack.t1059.004
These are known malicious script names. Any detection should trigger immediate response.
T1567.002 — Exfiltration Over Web Service: Exfiltration to Cloud Storage (Exfiltration) [P1]
TeamPCP exfiltrates data via attacker-created GitHub repositories named docs-tpcp and archives named tpcp.tar.gz
Splunk SPL:
index=proxy (dest="github.com" OR dest="api.github.com") method=POST uri_path="*/repos*" | rex field=uri_path "repos/(?<repo_name>[^/]+)" | where match(repo_name, "docs-tpcp") OR match(cs_bytes, "tpcp\.tar\.gz")
Elastic KQL:
destination.domain:(github.com OR api.github.com) AND http.request.method:POST AND (url.path:*docs-tpcp* OR http.request.body.content:*tpcp.tar.gz*)
Sigma Rule:
title: GitHub Repository Creation with TeamPCP Pattern
id: 9b3e7d4a-2c5f-4e8b-9a1d-7f8c5b4a2e3d
description: Detects creation of GitHub repositories matching TeamPCP exfiltration pattern
author: RedSheep Security/Stone
status: experimental
references:
  - Internal research
logsource:
  category: proxy
detection:
  selection:
    # |all requires both substrings; a plain list would OR them and match every /repos call
    c-uri|contains|all:
      - '/repos'
      - 'docs-tpcp'
    cs-method: 'POST'
    r-dns|contains:
      - 'github.com'
      - 'api.github.com'
  condition: selection
falsepositives:
  - Unlikely given specific repository name
level: critical
tags:
  - attack.exfiltration
  - attack.t1567.002
Also monitor for tar.gz file creation in CI/CD environments followed by large outbound transfers
T1071.001 — Application Layer Protocol: Web Protocols (Command and Control) [P1]
TeamPCP malware polls checkmarx.zone/raw every 50 minutes for additional payloads
Splunk SPL:
index=proxy dest="checkmarx.zone" uri_path="*/raw" | bucket _time span=1h | stats count by _time, src_ip | where count >= 1 | streamstats window=2 range(_time) as time_diff by src_ip | where time_diff > 2700 AND time_diff < 3300
Elastic KQL:
destination.domain:"checkmarx.zone" AND url.path:*raw* | bucket 1h | stats count by source.ip | where count >= 1
Sigma Rule:
title: Checkmarx Zone C2 Beaconing
id: 4d8e7a5b-9c2f-4b3a-8e7d-1f9b5c8a3d7e
description: Detects periodic connections to TeamPCP C2 infrastructure
author: RedSheep Security/Stone
status: experimental
references:
  - Internal research
logsource:
  category: proxy
detection:
  selection:
    r-dns: 'checkmarx.zone'
    c-uri|endswith: '/raw'
  timeframe: 1h
  condition: selection | count() by src > 1
falsepositives:
  - None expected
level: critical
tags:
  - attack.command_and_control
  - attack.t1071.001
50-minute beacon interval is highly specific. Any match is high confidence.
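The beacon-interval hunt expressed as a stand-alone script, added here as an example that is not part of the original hunt guide or any vendor product: it groups requests to checkmarx.zone/raw by source IP, computes the gaps between consecutive requests, and reports sources whose gaps all fall within ten percent of the expected 50-minute interval (the same 2700 to 3300 second band the Splunk query uses). The log lines are constructed sample data in a simplified "<time> <src_ip> <host> <path>" layout; real proxy formats differ and the parser would need adjusting.

```python
"""Flag sources that poll a C2 path at a fixed interval (beacon detection over proxy logs)."""
from datetime import datetime, timezone
from statistics import mean

# Constructed sample log: host 10.20.0.15 polls every ~50 minutes (beacon),
# host 10.20.0.77 hits the same path irregularly, and one unrelated request.
SAMPLE_PROXY_LOG = """\
2026-03-22T01:00:03Z 10.20.0.15 checkmarx.zone /raw
2026-03-22T01:50:01Z 10.20.0.15 checkmarx.zone /raw
2026-03-22T02:40:05Z 10.20.0.15 checkmarx.zone /raw
2026-03-22T03:30:02Z 10.20.0.15 checkmarx.zone /raw
2026-03-22T01:12:40Z 10.20.0.77 checkmarx.zone /raw
2026-03-22T01:13:02Z 10.20.0.77 checkmarx.zone /raw
2026-03-22T05:48:11Z 10.20.0.77 checkmarx.zone /raw
2026-03-22T02:00:00Z 10.20.0.15 github.com /api
"""


def parse_requests(text, host="checkmarx.zone", path_suffix="/raw"):
    """Return {src_ip: [epoch seconds]} for requests to host whose path ends with path_suffix."""
    hits = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or blank line in the constructed format
        ts, src, req_host, path = parts
        if req_host != host or not path.endswith(path_suffix):
            continue
        # Parse as UTC explicitly so gap arithmetic never depends on the local timezone.
        epoch = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
        hits.setdefault(src, []).append(epoch)
    return hits


def beaconing_sources(text, expected_interval=50 * 60, tolerance=0.10, min_samples=3):
    """Return {src_ip: mean gap in seconds} for sources with at least min_samples requests
    whose every inter-request gap lies within expected_interval * (1 +/- tolerance)."""
    lo, hi = expected_interval * (1 - tolerance), expected_interval * (1 + tolerance)
    result = {}
    for src, stamps in parse_requests(text).items():
        if len(stamps) < min_samples:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        if all(lo <= g <= hi for g in gaps):
            result[src] = round(mean(gaps))
    return result


if __name__ == "__main__":
    for src, interval in beaconing_sources(SAMPLE_PROXY_LOG).items():
        print(f"{src}: beacon-like, mean interval {interval}s")
```

Requiring every gap to sit inside the band (rather than only the mean) keeps a single coincidental pair of requests from producing a hit; raise min_samples in noisy environments.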
T1486 — Data Encrypted for Impact (Impact) [P2]
Traditional ransomware groups like Qilin and Akira still deploy encryption, but many groups now skip this step entirely
Splunk SPL:
index=windows sourcetype=sysmon EventCode=11 (TargetFilename="*.encrypted" OR TargetFilename="*.locked" OR TargetFilename="*HOW_TO_DECRYPT*") | bin _time span=1m | stats dc(TargetFilename) as files_encrypted by _time, ComputerName | where files_encrypted > 100
Elastic KQL:
event.code:11 AND file.path:(*.encrypted OR *.locked OR *HOW_TO_DECRYPT*) | stats cardinality(file.path) by host.name | where cardinality > 100
Sigma Rule:
title: Mass File Encryption Activity
id: 6c9e4d7a-2b5f-4a3e-8c7d-3f8b9e5a2c4d
description: Detects mass file encryption indicative of ransomware execution
author: SigmaHQ
status: stable
references:
  - https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_ransomware_indicators.yml
logsource:
  product: windows
  category: file_event
detection:
  selection:
    TargetFilename|endswith:
      - '.encrypted'
      - '.locked'
      - '.enc'
      - '.crypt'
    EventID: 11
  timeframe: 1m
  condition: selection | count(TargetFilename) by ComputerName > 100
falsepositives:
  - Legitimate encryption tools
  - Backup software
level: critical
tags:
  - attack.impact
  - attack.t1486
Modern groups often skip encryption. Also hunt for pure data theft without encryption.
Indicators of Compromise
| Type | Value | Context |
|---|---|---|
| domain | checkmarx.zone | TeamPCP typosquat domain for credential exfiltration and C2 |
| ip | 83.142.209.11 | C2 IP for checkmarx.zone (port 443) |
| filename | kamikaze.sh | TeamPCP credential stealer script |
| filename | setup.sh | TeamPCP stealer payload script |
| filename | docs-tpcp | Hidden GitHub repository name for data exfiltration |
| filename | tpcp.tar.gz | Archive filename for encrypted data exfiltration |
| filename | plain-crypto-js | Malicious npm dependency injected by Sapphire Sleet |
| filename | ScreenConnect.ClientService.exe | RMM tool abused for unauthorized access |
| filename | AteraAgent.exe | RMM tool abused for unauthorized access |
| filename | MeshAgent.exe | RMM tool abused for unauthorized access |
IOC Sweep Queries (Splunk):
index=* (dest="checkmarx.zone" OR query="checkmarx.zone" OR cs_host="checkmarx.zone") | stats count by sourcetype, src_ip
index=* (dest_ip="83.142.209.11" OR src_ip="83.142.209.11") | stats count by sourcetype, src_ip, dest_port
index=* ("kamikaze.sh" OR CommandLine="*kamikaze.sh*" OR TargetFilename="*kamikaze.sh") | stats count by host, sourcetype
index=* ("setup.sh" OR CommandLine="*setup.sh*" OR TargetFilename="*setup.sh") | stats count by host, sourcetype
index=* "docs-tpcp" | stats count by sourcetype, host
index=* ("tpcp.tar.gz" OR TargetFilename="*tpcp.tar.gz" OR cs_uri_query="*tpcp.tar.gz*") | stats count by host, sourcetype
index=* "plain-crypto-js" | stats count by host, sourcetype
index=windows (Image="*ScreenConnect.ClientService.exe" OR process_name="ScreenConnect.ClientService.exe") | stats count by host
index=windows (Image="*AteraAgent.exe" OR process_name="AteraAgent.exe") | stats count by host
index=windows (Image="*MeshAgent.exe" OR process_name="MeshAgent.exe") | stats count by host
YARA Rules
TeamPCP_Stealer_Scripts — Detects TeamPCP credential stealer shell scripts
rule TeamPCP_Stealer_Scripts
{
    meta:
        description = "Detects TeamPCP credential stealer scripts kamikaze.sh and setup.sh"
        author = "RedSheep Security/Stone"
        date = "2024-01-07"
        reference = "Internal threat research"
    strings:
        $script1 = "kamikaze.sh" ascii
        $script2 = "setup.sh" ascii
        $repo = "docs-tpcp" ascii
        $archive = "tpcp.tar.gz" ascii
        $domain = "checkmarx.zone" ascii
        $path = "/raw" ascii
        $token1 = "GITHUB_TOKEN" ascii
        $token2 = "oauth_token" ascii
    condition:
        2 of them
}
RMM_Tool_Abuse — Detects commonly abused RMM tools in ransomware campaigns
rule RMM_Tool_Abuse
{
    meta:
        description = "Detects RMM tools commonly abused by ransomware groups"
        author = "RedSheep Security/Stone"
        date = "2024-01-07"
        reference = "Internal threat research"
    strings:
        $rmm1 = "ScreenConnect.ClientService.exe" ascii wide
        $rmm2 = "AteraAgent.exe" ascii wide
        $rmm3 = "MeshAgent.exe" ascii wide
        $relay = "relay" ascii wide
        $port1 = ":443" ascii
        $port2 = ":8040" ascii
        $port3 = ":8041" ascii
    condition:
        any of ($rmm*) and ($relay or any of ($port*))
}
Suricata Rules
SID 1000001 — TeamPCP C2 communication to checkmarx.zone
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TeamPCP C2 Communication to checkmarx.zone"; flow:to_server,established; content:"Host|3a 20|checkmarx.zone"; http_header; content:"/raw"; http_uri; sid:1000001; rev:1;)
SID 1000002 — TeamPCP C2 communication to 83.142.209.11
alert tls $HOME_NET any -> 83.142.209.11 443 (msg:"ET MALWARE TeamPCP C2 Communication to Known IP"; flow:to_server,established; sid:1000002; rev:1;)
SID 1000003 — GitHub API suspicious repository creation
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible TeamPCP GitHub Exfiltration Repository Creation"; flow:to_server,established; content:"POST"; http_method; content:"/repos"; http_uri; content:"docs-tpcp"; http_client_body; sid:1000003; rev:1;)
Data Source Requirements
| Source | Required For | Notes |
|---|---|---|
| GitHub Audit Logs | T1195.002, T1552.004, T1567.002 | Must have GitHub Enterprise audit log streaming enabled |
| Sysmon | T1219, T1059.004, T1486 | Windows: Sysmon with SwiftOnSecurity config; Linux: Sysmon for Linux required |
| Proxy Logs | T1567.002, T1071.001 | SSL/TLS inspection required to see GitHub API calls and checkmarx.zone traffic |
| DNS Logs | T1071.001 | DNS query logging for checkmarx.zone detection |
| CI/CD Pipeline Logs | T1195.002 | GitHub Actions, Jenkins, GitLab CI logs required |