The TeamPCP supply chain campaign continues to evolve with increased threat actor adoption of the Mini Shai-Hulud framework that was recently open-sourced. U.S. government agencies have now formally acknowledged and begun tracking the campaign. The attack vector leverages compromised security scanning tools to deliver malicious payloads to target organizations.

Why it matters in Western Canada: Canadian government, public sector, and higher education institutions using compromised security tools may be affected by this campaign. Supply chain attacks targeting widely-used software pose significant risk to Western Canadian organizations managing critical infrastructure and sensitive data.

---

Summary generated from the original advisory. Read the full source: sans-isc