The TeamPCP supply chain campaign has resumed operations following a 26-day hiatus, launching a coordinated attack against multiple critical development tools. Researchers have identified three concurrent compromises affecting Checkmarx KICS, Bitwarden CLI, and xinference packages on PyPI, alongside the emergence of CanisterSprawl, a newly identified npm worm.