X
In March 2026, a criminal group called TeamPCP compromised five software ecosystems in eight days. Ten thousand companies hit. Tens of thousands of credentials stolen. AI used to build and deploy the malware. They announced a ransomware partnership and have publicly said they are not finished.
Then Axios - downloaded 100 million times a week - was hit. A remote access trojan pushed to anyone who ran npm install during a three-hour window. Attribution still under investigation.
Two major supply chain attacks. Twelve days apart. Both still unfolding.
Jeff Williams, founder and creator of the OWASP Top 10, joins Contrast Security's Dave Lindner and Naomi Buckwalter - two practitioners who have been tracking this in real time - for a frank, no-pitch conversation about what happened and what defenders need to do differently.
Schedule a demo and see how to eliminate your application-layer blind spots.
Book a demo
