// #source-code-theft
3 articles
TeamPCP Gang Advertising Stolen Mistral AI Source Code Repositories for Sale — Part of Shai-Hulud Supply Chain Campaign
The TeamPCP extortion group is advertising stolen Mistral AI source code repositories on dark web forums, claiming access was obtained as a side effect of the Shai-Hulud npm supply chain campaign targeting AI development infrastructure. The breach potentially exposes Mistral's proprietary model training code, API infrastructure, and internal tooling to competitors and nation-state actors.
Trellix Confirms Source Code Repository Breach — Forensic Investigation Underway
Cybersecurity vendor Trellix has confirmed unauthorised access to an internal source code repository, with law enforcement notified and a forensic investigation ongoing. The breach raises concerns about potential weaponisation of security product internals against Trellix's enterprise customer base.
DPRK Scales npm Malware Campaign With AI-Generated Code, Fake Tech Firms, and Remote RAT Deployment
North Korean threat actors have launched a new wave of npm supply chain attacks using AI-generated malicious package code that bypasses static analysis tools, fake software development firms as cover identities, and a multi-stage RAT that exfiltrates source code, cryptographic keys, and credentials from developer workstations. The campaign targets blockchain, DeFi, and fintech developers — organisations in these sectors should audit npm dependencies and developer machine security.