---
title: Threat Intelligence Center - Capstone Technologies Group
description: TeamPCP supply chain campaign targets Checkmarx KICS, Bitwarden CLI, and xinference PyPI. CanisterSprawl npm worm identified. Mitigation guidance for…
canonical_url: https://captechgroup.com/threat-intelligence-center?start=154
language: en-GB
date: 2025-08-13T00:46:48Z
---


  [ ![Cybersecurity image illustrating threat vectors and data protection in developer tools during TeamPCP's supply chain campaign.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/cf098d43eb.jpg) ](https://captechgroup.com/threat-intelligence-center/teampcp-supply-chain-campaign-resumes-with-three-c-e95516 "TeamPCP Supply Chain Campaign Resumes with Three Concurrent Compromises Across Developer Tools")  The TeamPCP supply chain campaign has resumed operations following a 26-day hiatus, launching coordinated attacks against critical developer infrastructure. Three concurrent compromises have been confirmed affecting Checkmarx KICS, Bitwarden CLI, and xinference on PyPI, while researchers have identified CanisterSprawl, a new npm-based worm spreading through package repositories.

  [ ![Cybersecurity illustration of APT37 targeting crypto wallet users through npm package, highlighting threat vectors and data protection.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/2cfff286e0.jpg) ](https://captechgroup.com/threat-intelligence-center/apt37-deploys-validate-sdkv2-npm-package-to-target-8a2d20 "APT37 Deploys @validate-sdk/v2 npm Package to Target Crypto Wallet Users")  Security researchers have identified a sophisticated supply chain attack in which APT37, also known as Famous Chollima and Reaper, distributes a malicious npm package named @validate-sdk/v2. The package leverages AI-assisted commit techniques and the PromptMink tool to target cryptocurrency wallet users and blockchain developers.

  [ ![AI-powered honeypots detecting malicious AI agents, enhancing cybersecurity and data protection against evolving threat vectors.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/e7bb46bcc0.jpg) ](https://captechgroup.com/threat-intelligence-center/ai-powered-honeypots-detect-malicious-ai-agents-be-852ae6 "AI-Powered Honeypots Detect Malicious AI Agents Before They Breach Networks")  As threat actors increasingly deploy autonomous AI agents to conduct reconnaissance and exploitation, traditional security controls face a fundamental challenge: detection lag.

  [ ![Cybersecurity illustration showcasing threat vectors and data protection related to CISA's KEV catalog updates.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/d2997494b4.jpg) ](https://captechgroup.com/threat-intelligence-center/cisa-adds-connectwise-and-windows-flaws-to-kev-cat-8024b8 "CISA Adds ConnectWise and Windows Flaws to KEV Catalog Exploited by APT28")  The Cybersecurity and Infrastructure Security Agency has added multiple ConnectWise and Windows vulnerabilities to its Known Exploited Vulnerabilities catalog following confirmed active exploitation by APT28 and Storm-1175 threat actors.

  [ ![Conceptual image illustrating cybersecurity evolution as Microsoft deprecates legacy TLS for enhanced data protection.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/98ab96d6cf.jpg) ](https://captechgroup.com/threat-intelligence-center/microsoft-deprecates-legacy-tls-in-exchange-online-5ba865 "Microsoft Deprecates Legacy TLS in Exchange Online Starting July")  Microsoft has announced a firm deprecation timeline for legacy Transport Layer Security protocols in Exchange Online, effective July 2024. Organizations still using TLS 1.0 and 1.1 for email connectivity will experience service disruptions unless they upgrade to TLS 1.2 or higher.

  [ ![Cybersecurity image illustrating threat vectors and data protection in TeamPCP's supply chain campaign.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/0978cd092d.jpg) ](https://captechgroup.com/threat-intelligence-center/teampcp-supply-chain-campaign-resumes-with-three-c-ce17b1 "TeamPCP Supply Chain Campaign Resumes with Three Concurrent Compromises")  The TeamPCP supply chain campaign has resumed operations following a 26-day hiatus, deploying three concurrent compromises targeting critical developer infrastructure. Attackers have infiltrated Checkmarx KICS, Bitwarden CLI, and xinference packages on PyPI, while simultaneously distributing CanisterSprawl, a newly identified npm worm.

  [ ![Conceptual image illustrating cybersecurity threats from fake CAPTCHA IRSF scams targeting crypto users and data protection.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/297c53e86f.jpg) ](https://captechgroup.com/threat-intelligence-center/fake-captcha-irsf-scam-hits-crypto-users-via-120-k-e37dac "Fake CAPTCHA IRSF Scam Hits Crypto Users via 120 Keitaro TDS Campaigns")  Security researchers have identified a coordinated fraud campaign leveraging 120 instances of Keitaro Traffic Distribution System (TDS) to deliver fake CAPTCHA phishing attacks. Attributed to threat actors TA2726 and FaiKast, the operation targets cryptocurrency users and telecommunications subscribers through SMS-based social engineering.
