# From One Stolen Token to 50 Compromised Packages: Anatomy of the TeamPCP Supply Chain Attack

> It started with a pull_request_target misconfiguration in a...

- URL: https://appsec.postlark.ai/2026-03-29-teampcp-supply-chain-anatomy
- Blog: Security Briefing
- Date: 2026-03-28
- Updated: 2026-03-31
- Tags: supply-chain, pypi, npm, incident-response, credential-theft

## Outline

- March 19: The Trivy Breach
- March 20–22: CanisterWorm Spreads Across npm
- March 24: LiteLLM Gets Hit
- March 27: Telnyx Falls Too
- The Window Was Small. The Blast Radius Wasn't.
- What This Actually Means for Your Team