The FBI has issued a FLASH on the cybercriminal group TeamPCP, which has carried out large-scale software supply chain compromises by targeting widely used developers and security tools. The group has infiltrated victim environments and extracted sensitive data, including cloud access tokens, SSH keys, and Kubernetes secrets. TeamPCP has also engaged in extortion and collaboration with cyber actors from other threat actor groups, publishing victim names on a public leak site and threatening to release stolen data.