From Trivy to LiteLLM: The Domino Effect of TeamPCP’s Attack

GitHub Breach: Inside the Team PCP Supply Chain Breach

In this episode of Bad Dependencies, we analyze the reported leak of GitHub's source code and the sale of thousands of its repositories. We map out the chain of events leading up to the incident, including recent compromises of a Visual Studio Code extension and a PyPI package. The discussion covers the tactics of the threat actor group Team PCP, the practical limitations of rapid credential rotation at scale, and why implementing a cooldown period for dependency updates can help safeguard your development pipeline. -- This episode is sponsored by Aikido Security: Protect your developer environments from supply chain attacks with Aikido Device Security. Learn more at aikido.dev/protect/device-protection.

Shai-Hulud is Back: TanStack & Mistral AI Breach by TeamPCP Mini Worm

In this episode of Bad Dependencies, we dive into the "wormy" chaos of the latest supply chain attack hitting the JavaScript ecosystem. Join researcher Charlie Eriksen as he breaks down how the threat actor group TeamPCP compromised the widely-used TanStack ecosystem and successfully pivoted into Mistral AI. We explore the technical "perfection" of this attack: a lethal combination of pull_request_target misconfigurations, GitHub Actions cache poisoning, and OIDC signature abuse. Charlie also sheds light on a terrifying new trend, the attackers have open-sourced their worm, complete with a "dead man's switch" designed to wipe infected machines if credentials are revoked.

From Trivy to LiteLLM: The Domino Effect of TeamPCP’s Attack

In this episode of Bad Dependencies, Mackenzie and security researcher Charlie Erickson break down a fast-moving software supply chain attack led by Team PCP.Starting with the compromise of Trivy, the attackers leveraged stolen credentials to spread into ecosystems like NPM and LiteLLM, impacting widely used developer tools and AI infrastructure. The conversation explores how the attack evolved, including worm-like behavior, credential harvesting, and ransomware tactics.Charlie shares real-time insights into the attackers’ methods, motivations, and the ongoing nature of the incident, along with practical advice on mitigation such as credential rotation, dependency pinning, and securing CI/CD pipelines.

Inside ShaiHulud 2.0: The Supply-Chain Worm That Read Your Secrets

In this episode, I sit down with Charlie Eriksen, the researcher who uncovered the Shai Hulud 2.0 campaign, for a deep dive into one of the wildest supply-chain attacks we’ve seen. What began as a strange detection quickly unraveled into a worm that spread across npm, GitHub, and even a compromised Open VSX extension. “Patient Zero” was AsyncAPI, where the attackers exploited a subtle GitHub Actions flaw that let them run malicious code inside the org’s own CI pipelines without their pull request ever being merged. Unmerged PR → full RCE → stolen org-level credentials. From there, the worm propagated through packages, harvested secrets with TruffleHog, dumped them into tens of thousands of GitHub repos, and, most shockingly, contained a wiper mode that deleted a victim’s entire home directory if it couldn’t create new repos. It’s a fascinating and slightly terrifying look at how modern supply-chain attacks actually work under the hood. Give it a listen.

The OpenVSX Supply Chain Attack: Invisible Malware in VS Code - Bad Dependencies Podcast

In this episode of Bad Dependencies, Mackenzie Jackson and Charlie Eriksen dive into one of the most sophisticated malware incidents to target developers — the OpenVSX compromise. They unpack how attackers hid malicious code using Unicode obfuscation, discuss the shift from npm to VS Code extension attacks, and explore how the open-source ecosystem is responding. The episode also covers npm’s new token policies, trusted publishing, and what these changes mean for the future of supply chain security.Chapters:00:00 – Introduction & Discovery02:00 – What is OpenVSX and How It Works03:40 – Anatomy of the Malware Attack05:00 – Unicode Obfuscation and Detection08:20 – Attackers Move from npm to VS Code11:00 – npm’s Security Policy Overhaul17:40 – Trusted Publishing and the Future of Supply Chain Security