TeamPCP is a supply chain threat group that weaponized trusted security scanning tools and CI/CD pipeline components, and as of late March 2026 has entered an active monetization phase exploiting previously compromised development environments — attribution and timeline are based on secondary sources pending primary confirmation. Techniques include credential theft from pipeline secrets, lateral tool transfer, and possible ransomware or destructive capability in the monetization phase. Organizations should immediately audit CI/CD pipeline runners, rotate all pipeline secrets and tokens, verify dependency integrity against SBOMs, and review NIST SP 800-204D for supply chain pipeline security controls.