TeamPCP’s Five-Day Siege: How One Stolen Token Cascaded Across GitHub Actions, Checkmarx, VS Code Extensions, and npm

A single stolen GitHub token enabled TeamPCP to orchestrate an unprecedented, multi-vendor CI/CD supply chain attack that stealthily harvested credentials, deployed self-propagating npm malware with blockchain-based command-and-control, and compromised over 10,000 workflows—evading all traditional vulnerability detection methods.