TeamPCP PyPI attacks ๐Ÿ”„, HackerOne breach ๐Ÿ“Š, PureHVNC RAT ๐Ÿ€, Russian GRU ๐Ÿ‡ท๐Ÿ‡บ, malicious npm packages ๐Ÿ“ฆ

Daily Threat Intel Digest - 2026-03-25

๐Ÿ”ด Critical Threats & Active Exploitation

[UPDATE] TeamPCP compromises LiteLLM PyPI package in ongoing supply chain spree Expanding on their recent attacks against Aqua Security’s Trivy and Checkmarx, the TeamPCP threat actor has compromised the litellm Python packageโ€”a library with over 95 million monthly downloads. Malicious versions 1.82.7 and 1.82.8 contain multi-stage payloads designed to harvest cloud credentials (AWS, Azure, GCP), SSH keys, and Kubernetes tokens, exfiltrating them to attacker-controlled infrastructure including models.litellm.cloud. Users must immediately downgrade to version 1.82.6 and rotate all credentials exposed in environments where the affected versions ran [GBHackers; Cyberpress; Malware.news].

[NEW] HackerOne employee data exposed in Navia third-party breach A breach of third-party benefits provider Navia has exposed the personal data of 287 HackerOne employees, including names and identifiers, following unauthorized access between December 22, 2025, and January 15, 2026. While HackerOne’s bug bounty platform remained untouched, the incident highlights the risks of vendor-managed data supply chains. The stolen PII creates a high probability of targeted phishing attacks against security researchers and staff, necessitating heightened vigilance for social engineering attempts leveraging these details [SecurityWeek; Cyberpress; GBHackers].

๐ŸŽฏ Threat Actor Activity & Campaigns

[NEW] PureHVNC RAT distributed via trusted Google Forms Attackers are bypassing traditional email filters by using fraudulent Google Formsโ€”impersonating job interviews and project summariesโ€”to distribute the PureHVNC Remote Access Trojan. By exploiting the inherent trust of domains like docs.google.com, the campaign tricks professionals into downloading archives containing malicious loaders that use DLL sideloading to deploy the RAT. PureHVNC establishes deep persistence and systematically steals sensitive data from web browsers, cryptocurrency wallets, and messaging apps [Cyberpress].

[NEW] SILENTCONNECT campaign delivers ScreenConnect RAT with stealth loaders Elastic Security Labs identified a new campaign using a custom loader, “SILENTCONNECT,” to deliver the legitimate ScreenConnect RMM tool for malicious purposes. The attack chain begins with fake Cloudflare Turnstile CAPTCHA pages and uses a VBScript downloader to fetch a C# payload compiled in-memory via PowerShell. Notably, the malware employs Process Environment Block (PEB) masquerading to impersonate winhlp32.exe, effectively blinding EDR solutions that rely on trusted process names [Cyberpress].

[NEW] Russian GRU unit targets Signal and WhatsApp via social engineering Dutch intelligence (AIVD) has warned that Russian APT group Sandworm (GRU Unit 74455) is actively conducting cyber espionage against government employees and journalists. Rather than exploiting app vulnerabilities, the actors use social engineeringโ€”masquerading as Signal support bots or abusing “linked devices” featuresโ€”to hijack user accounts. Organizations must alert staff to verify all unsolicited contact requests and never share verification codes or SMS codes with third parties [Malware.news].

[NEW] Malicious npm packages exfiltrate crypto keys via Telegram Five typosquatting packages on the npm registry are actively targeting Solana and Ethereum developers by stealing wallet private keys. The packages, which impersonate popular crypto libraries, send stolen keys directly to a Telegram bot-based command-and-control channel. This campaign highlights the persistent risk of dependency confusion in software supply chains, requiring developers to strictly audit package sources and names before installation [GBHackers].

[NEW] “TroyDenโ€™s Lure Factory” pushes trojanized GitHub repos A large-scale malware operation tracked as “TroyDenโ€™s Lure Factory” is abusing GitHub to deliver a custom LuaJIT-based trojan to developers and gamers. The campaign spans over 300 delivery packages and uses AI-assisted lures ranging from OpenClaw deployment tools to game cheats and Roblox scripts to trick users into executing malicious code [GBHackers].

๐Ÿ“‹ Policy & Industry News

[NEW] FCC bans new foreign consumer routers over national security risks The U.S. Federal Communications Commission (FCC) has officially updated its “Covered List” to prohibit the authorization of new consumer-grade routers manufactured by certain foreign vendors. Citing severe cybersecurity risks and the potential for espionageโ€”linked to campaigns like Volt Typhoonโ€”this regulatory shift effectively blocks these devices from the U.S. market. Security teams must immediately update procurement policies to ensure new network edge devices comply with these restrictions [Cyberpress; GBHackers].

[NEW] Azure AI Foundry strengthens security with model scanning safeguards Microsoft has announced new defensive capabilities for Azure AI Foundry and Azure OpenAI Service to address supply chain risks in generative AI. The platform now includes proactive vulnerability scanning, malware analysis, and integrity validation for third-party models before they reach the catalog. These updates treat all model inputs and outputs as secure customer content, ensuring strict tenant isolation and zero-trust architecture for AI workloads [Cyberpress].

โšก Quick Hits

  • Tooling Update: Offensive Security released Kali Linux 2026.1, featuring 8 new tools (AdaptixC2, Atomic-Operator, SSTImap) and a nostalgic “BackTrack Mode” to celebrate the 20th anniversary of its predecessor [Cyberpress; GBHackers].
  • Design Flaw: Research indicates Google Authenticator’s passkey design relies heavily on a cloud-side component, potentially exposing new attack vectors if the cloud trust anchor or recovery mechanisms are compromised [GBHackers].