TeamPCP Supply Chain Attack Allegedly Compromised Databricks Platform

Databricks is currently investigating an alleged security compromise connected to the massive TeamPCP software supply chain attack after being alerted by threat intelligence researchers.

According to International Cyber Digest, Databricks was notified of the potential breach last week. The organization reportedly took the alert seriously, scaling up its incident response teams immediately to investigate the claims.

While the extent of the alleged compromise remains unconfirmed, Databricks has yet to release an official statement regarding the findings. This development closely follows Databricks’ recent expansion into the cybersecurity sector with the launch of its AI-driven Lakewatch security platform.

TeamPCP Attack Methodology

The TeamPCP threat group, also tracked as PCPcat and ShellForce, initiated a sprawling supply chain campaign in March 2026 that successfully breached five major ecosystems, including GitHub Actions, Docker Hub, PyPI, NPM, and OpenVSX.

The threat actors targeted security-adjacent developer tools such as Aqua Security’s Trivy, Checkmarx infrastructure-as-code scanners (KICS), and the LiteLLM AI proxy.

By poisoning trusted software repositories and CI/CD pipelines, TeamPCP distributed a sophisticated credential harvester known as the TeamPCP Cloud stealer, tracked under CVE-2026-33634.

The malware is specifically designed to siphon environment variables, Kubernetes configurations, and cloud tokens across major providers like AWS, Google Cloud, and Microsoft Azure exposed during automated build processes.

During execution, the payload typically retrieves subsequent stages from malicious domains via major JavaScript package managers. Harvested secrets are encrypted and exfiltrated as compressed archives, with the threat actors actively utilizing vendor-specific typosquatting and fallback GitHub repositories to evade detection.

Mitigations

Organizations using affected security scanners or platforms connected to the TeamPCP supply chain web must assume potential credential exposure. Security teams are advised to immediately rotate all secrets, tokens, and cloud credentials that were accessible to CI runners during the impact window.

Furthermore, administrators should audit their GitHub Actions workflow logs for any unauthorized outbound traffic to known malicious domains or references to the exfiltration archives.

Identifying unauthorized repository creation, particularly those utilizing the threat actor’s fallback naming conventions, remains a critical detection mechanism for compromised environments.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.