ThreadLinqs @threadlinqs
#TeamPCP just partnered with #Vect ransomware. The same group that backdoored $Trivy, hijacked Checkmarx KICS, and trojanized #LiteLLM on PyPI — a package pulled 3.4M times per day — is now feeding 300GB of stolen credentials into a ransomware-as-a-service pipeline. 80-88% tors.

We tracked the full campaign across 7 threats on Threadlinqs Intelligence:
→ .pth file persistence that survives pip uninstall and runs on every Python invocation
→ 332-line credential harvester sweeping AWS, GCP, Azure, K8s, SSH, npm tokens
→ Kubernetes lateral movement via privileged pods in kube-system
→ CanisterWorm — a self-replicating npm worm using blockchain (ICP) as C2
→ 60,000+ compromised servers. 85 MITRE techniques. 63 detections written.

The IOC correlation alone tells the story — scan.aquasecurtiy.org (the typosquatted domain) links all 7 campaign phases. Same RSA-4096 key. Same tpcp.tar.gz naming. Same kill-switch logic.

Full deep dive with enriched IOCs, detection rules (SPL/KQL/Sigma): threadlinqs.com/blog/TL-2026-0…
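An added example, not part of the post above or of Threadlinqs' detections: a small audit for the `.pth` persistence the post mentions. It relies on documented CPython behaviour (`site.py` executes any `.pth` line that starts with `import` followed by a space or tab); the file names and contents in `demo()` are constructed samples.

```python
import site
import tempfile
from pathlib import Path


def executable_pth_lines(text):
    """Return (line_no, line) pairs that site.py would exec() at startup."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        # site.py executes any .pth line beginning with "import" + space/tab;
        # other non-comment lines are only appended to sys.path.
        if line.startswith(("import ", "import\t")):
            hits.append((no, line.strip()))
    return hits


def audit_pth(directories):
    """Scan directories for .pth files and report executable lines per file."""
    findings = {}
    for d in map(Path, directories):
        if not d.is_dir():
            continue
        for pth in sorted(d.glob("*.pth")):
            try:
                text = pth.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            hits = executable_pth_lines(text)
            if hits:
                findings[str(pth)] = hits
    return findings


def site_dirs():
    """Directories the running interpreter processes .pth files from."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return dirs


def demo():
    """Constructed sample: one benign path-only .pth, one with an exec line."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "benign.pth").write_text("# extra path\n./vendor\n")
        Path(tmp, "sample_hook.pth").write_text(
            "./lib\nimport os; os.environ.setdefault('SAMPLE_FLAG', '1')\n")
        found = audit_pth([tmp])
        return {Path(k).name: v for k, v in found.items()}


if __name__ == "__main__":
    for path, hits in audit_pth(site_dirs()).items():
        for no, line in hits:
            print(f"{path}:{no}: {line[:120]}")
```

Legitimate packages also ship executable `.pth` lines (setuptools' `distutils-precedence.pth`, editable installs), so treat each hit as something to review against the package that owns the file, not as a verdict.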
MemoriIntel @meMori_intel
The #Vect Ransomware Organization has announced a strategic partnership with the threat group #TeamPCP and the #BreachForums community. This alliance aims to provide forum members with ransomware access and execute large-scale cyberattacks by leveraging supply chain compromises.
HalcyonAI @HalcyonAi
New #RaaS. Real capability. #Vect is live - and already hitting orgs in Brazil & South Africa.

What stands out:
• Custom C++ build (not recycled code)
• ChaCha20 + intermittent encryption for speed
• Windows, Linux & ESXi support
• Safe Mode execution to suppress defenses
• TOR-only infra + Monero payments

Short lifespan. Unusual maturity. Likely expansion ahead.

Read more from @InfosecurityMag 👇 infosecurity-magazine.com/news/researche…
Researchers Warn of New “Vect” RaaS Variant

A new ransomware-as-a-service operation dubbed “Vect” features custom malware

From infosecurity-magazine.com