Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
FortiBleed Vulnerability Exploited by INC and Lynx Ransomware to Steal Passwords
July 2, 2026
WhatsApp Username Reservations Raise Security Concerns for 2 Billion Users
July 2, 2026
Alleged Scattered Spider Member Extradited to US for 100+ Network Hacks
July 2, 2026
Home/CyberSecurity News/Critical TeamPCP Supply Chain Attack Compromised Databricks Platform
CyberSecurity News

Critical TeamPCP Supply Chain Attack Compromised Databricks Platform

Key Takeaways Databricks is currently investigating a potential security compromise linked to the TeamPCP supply chain attack. The TeamPCP campaign, tracked as PCPcat and ShellForce, targeted...

Jennifer sherman
Jennifer sherman
March 30, 2026 3 Min Read
59 0

Key Takeaways

  • Databricks is currently investigating a potential security compromise linked to the TeamPCP supply chain attack.
  • The TeamPCP campaign, tracked as PCPcat and ShellForce, targeted developer tools and CI/CD pipelines across five major software ecosystems.
  • The attack distributed the TeamPCP Cloud stealer (CVE-2026-33634), designed to harvest cloud credentials and sensitive environment variables.
  • The full extent of the alleged Databricks compromise is still unconfirmed, with no official statement released by the company.
  • Organizations are urged to rotate credentials and audit systems for indicators of compromise related to TeamPCP.

Databricks, a prominent cloud-based data analytics platform, is reportedly under investigation for a potential security breach. The incident is believed to be connected to the widespread TeamPCP software supply chain attack that has impacted various developer ecosystems.

Table Of Content

  • Key Takeaways
  • TeamPCP Attack Methodology
  • What You Should Do

According to reports from International Cyber Digest, Databricks received notification of the suspected compromise last week. In response, the company reportedly mobilized its incident response teams to thoroughly investigate the claims.

While the specifics of the alleged breach at Databricks remain unconfirmed, the company has not yet issued an official statement regarding its findings. This development comes shortly after Databricks expanded its own cybersecurity offerings with the introduction of its AI-powered Lakewatch security platform.

🚨‼ BREAKING: Databricks allegedly compromised in a TeamPCP supply chain attack.

Databricks is the leading cloud-based data analytics platform: used by organizations worldwide to manage massive datasets.

We notified them last week. They scaled up to investigate. We haven’t… pic.twitter.com/ncRjecLOjJ

— International Cyber Digest (@IntCyberDigest) March 30, 2026

TeamPCP Attack Methodology

The TeamPCP threat group, also identified by researchers as PCPcat and ShellForce, launched an extensive supply chain attack campaign in March 2026. This operation successfully infiltrated five major developer ecosystems: GitHub Actions, Docker Hub, PyPI, NPM, and OpenVSX.

The attackers specifically targeted developer tools that are closely related to security, including Aqua Security’s Trivy, Checkmarx’s infrastructure-as-code scanners (KICS), and the LiteLLM AI proxy.

Through the compromise of trusted software repositories and continuous integration/continuous deployment (CI/CD) pipelines, TeamPCP deployed a sophisticated credential harvesting malware known as the TeamPCP Cloud stealer, tracked under CVE-2026-33634.

This malware is engineered to extract critical environment variables, Kubernetes configurations, and cloud tokens from major providers such as AWS, Google Cloud, and Microsoft Azure, particularly those exposed during automated build processes.

During its execution, the payload typically retrieves subsequent stages from malicious domains, often leveraging major JavaScript package managers. The stolen secrets are then encrypted and exfiltrated in compressed archives. The threat actors employed tactics such as vendor-specific typosquatting and the use of fallback GitHub repositories to bypass detection mechanisms.

What You Should Do

  • Assume potential credential exposure for any systems or CI/CD runners that interacted with affected security scanners or platforms linked to the TeamPCP supply chain.
  • Immediately rotate all secrets, tokens, and cloud credentials that were accessible to CI/CD runners during the identified impact window.
  • Audit GitHub Actions workflow logs and other CI/CD pipeline logs for any unauthorized outbound network traffic to known malicious domains or references to exfiltration archives.
  • Monitor for the creation of unauthorized repositories, especially those using naming conventions associated with the threat actor’s fallback strategies, as a critical indicator of compromise.
  • Implement enhanced monitoring for unusual activity related to cloud API calls and access patterns from compromised accounts.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachCVECybersecurityMalwareSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical FortiClient EMS flaw exploited in attacks, patch now

Next Post

Critical Grafana Flaws Allow Remote Code Execution

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Reduce Alert Fatigue to Improve SOC Efficiency and Cut Business Costs
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us