Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The FBI Just Issued an Alert on TeamPCP. Here's How They Get In

The FBI just issued a FLASH alert on TeamPCP — the group behind a wave of software supply chain attacks that compromised widely-used developer and security tools, harvesting cloud credentials, SSH keys, and Kubernetes secrets at scale. Tova Dvorin and Adrian Culley break down how TeamPCP operates with an APT's patience, and the open question the FBI alert doesn't answer: is a nation-state pulling the strings? Full breakdown on The Cyber Resilience Brief.

Ep. 66 - Poisoned Pipelines: TeamPCP and the FBI Flash on Weaponized Dev Tools

A criminal crew with APT-grade patience is trojanizing the very tools defenders trust. Host Tova Dvorin sits down with Adrian Culley to break down FBI FLASH-20260702-01 (coordinated with CISA) on TeamPCP — the group compromising Trivy, KICS, LiteLLM, and the Telnyx SDK to sit inside CI/CD pipelines. Inside: the CanisterWorm and SANDCLOCK credential stealers, the self-replicating "Mini Shai-Hulud" worm across npm and PyPI, npm account takeovers via expired recovery domains, and five concrete defenses — starting with searching your GitHub org for "tpcp-docs" right now.

New pattern analysis techniques to defend against fraud

Sophisticated fraudsters scale systems to increase their ROI. But it’s also a weakness that you can exploit to shut down fraud rings and keep attacks from scaling. In this discussion, fraud experts Nisreen Hussain, Irfan Faizullabhoy, and Ashley Fang show off how pattern and link analysis stop AI-powered fraud, account takeovers, and large fraud rings.

Candidate verification: Stop fraud before it enters your workforce

Sophisticated fraudsters are now targeting the recruiting process. Whether it's a "fake" candidate built on synthetic data, an interviewee hiding behind a deepfake, or a candidate getting a friend to take their technical test, hiring teams are facing a fraud crisis.

Here's How to Secure Your Privacy (Before It's Too Late)

Privacy is getting harder to maintain. Governments are expanding surveillance. But there are practical steps you can take right now to secure your digital life and protect your family. James Rees walks through exactly how to do it. From choosing an operating system to securing your email and banking to protecting your devices. It's not expensive and it doesn't require being a tech expert. Operating system choice matters. VPNs are non negotiable. Backup everything with MFA enabled. Diversify your bank accounts. Use credit cards instead of debit cards. And yes, keep some cash on hand.