The 72-Hour Blitz: How TeamPCP Weaponized GitHub to Steal Enterprise Credentials
TL;DR: Between late 2024 and early 2025, a threat actor known as TeamPCP executed a high-velocity “blitz” on the GitHub ecosystem. By creating hundreds of malicious repositories that mimicked high-trust DevOps tools like Trivy, Checkmarx, and LiteLLM, they successfully tricked developers into executing credential-stealing malware. The attack utilized automated infrastructure to saturate search