BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//RecertHero//RecertHero CE//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VEVENT
UID:b2608bf2-31fd-4d84-9a5a-f55f3d1d1ad6@recerthero.com
DTSTAMP:20260520T235549Z
DTSTART:20260429T071613Z
DTEND:20260429T081613Z
SUMMARY:2026 Supply Chain Attacks: Axios NPM and TeamPCP Compromises
DESCRIPTION:In early 2026\, we witnessed an escalation in software supply c
 hain attacks. Threat actors are increasingly targeting widely used open-so
 urce tools and repositories to maximize their downstream impact. Notably\,
  the North Korean threat actor UNC1069 compromised the widely used Axios N
 PM package\, introducing a malicious dependency into a platform that sees 
 over 100 million weekly downloads. Simultaneously\, the threat group TeamP
 CP orchestrated a cascading supply chain compromise targeting CI/CD pipeli
 nes via popular tools like the Trivy vulnerability scanner\, Checkmarx Git
 Hub Actions and the LiteLLM PyPI package. These compromised pipelines were
  weaponized to harvest cloud credentials for later data theft and extortio
 n\, and to pave the way for potential ransomware deployment. On April 16\,
  2026 at 1:00 p.m. Eastern/10:00 a.m. Pacific\, sponsor Google and host
  ISC2 will provide a look at the rapid evolution\, impact and response to
  these dual supply chain campaigns. This session will cover:\n
 - An overview of the North Korea-nexus UNC1069 campaign targeting Axios
  NPM releases\, detailing how the plain-crypto-js malicious dependency
  was used to deploy the WAVESHAPER.V2 backdoor across Windows\, macOS and
  Linux environments.\n
 - The tactics\, techniques and procedures (TTPs) of TeamPCP\, including
  their deployment of the SANDCLOCK credential stealer via poisoned GitHub
  Actions to extract cloud credentials\, local environment variables and
  cryptocurrency wallets.\n
 - How TeamPCP and collaborating actors stole highly privileged cloud
  tokens to facilitate data extortion and planned deployments of
  VECTORLOCK ransomware.\n
 - Actionable guidance and rapid response strategies alongside critical
  remediation steps like dependency pinning\, auditing lockfiles and
  rotating exposed secrets.\n
 CPE Credit: 1 Group A CPE Credit
URL:https://www.isc2.org/professional-development/webinars/security-briefing?commid=665672
LOCATION:Online (BrightTALK)
END:VEVENT
END:VCALENDAR
