7 min read
Threat Actors TeamPCP, tracked as UNC6780 by Google's Threat Intelligence Group, ran three coordinated supply chain campaigns in 2026 — poisoning Trivy, LiteLLM, and 170+ npm/PyPI packages — culminating in the theft of 3,800 GitHub internal repositories.