TeamPCP and BreachForums Launch $1,000 Contest for Supply Ch...


TeamPCP and BreachForums have launched a $1,000 Monero prize contest encouraging participants to compromise open source packages using Shai-Hulud, a supply chain attack tool released as open source. The contest scores entries by weekly and monthly download counts of compromised packages, incentivizing both high-profile single targets and broad ecosystem attacks. Security firm Socket, which has been tracking TeamPCP's activity across npm, PyPI, GitHub Actions, Docker, and other ecosystems, warns that even a small prize can attract reckless actors willing to attempt copycat attacks. TeamPCP has been systematically targeting CI/CD workflows and developer tooling to harvest credentials for downstream enterprise breaches, with fallout already touching AI, manufacturing, government cloud, and financial sectors.

4m read time. From socket.dev