If you caught Part 1 last week, you know the shape of what TeamPCP has been running since December 2024: one supply chain campaign, still expanding, with credentials stolen over a year ago still being spent today. Part 2 is about what to do with that information.

Regardless of what software your organization uses, somewhere in the chain between the developer who wrote it and the system running it, there's a build pipeline. You don't see it. You don't manage it. But it had access to a lot of sensitive infrastructure, and depending on what tools that pipeline used and when, it may have been inside a TeamPCP compromise window.

That's the reality of supply chain attacks at this scale. The breach doesn't happen to you directly. It happens to a tool you trust, which was built using another tool someone trusted, and the credential collection happens quietly in the background while everything appears to be working fine. By the time anyone knows something went wrong, the attacker has already moved on to the next stage.

So, what do you do with that?

Stop Treating "We Weren't Directly Affected" as a Closed Answer

If your organization uses any of the compromised tools we outlined in Part 1 — Bitwarden's CLI, any Aqua Security tooling, Checkmarx products, LiteLLM, or any of the other downstream victims in this campaign — the vulnerability itself isn't the right place to focus. What matters is whether credentials your organization relies on were ever accessible to a build environment running compromised tooling.

Those are vastly different questions, and the second one is harder to answer and more important to ask.

Your software vendors should be able to answer it. "Was your build pipeline affected by the TeamPCP campaign? Which tools did it use and during which timeframes? What credential rotation did you perform after each exposure window, and how do you know the rotation was complete?"

These are reasonable questions to ask of any vendor whose tooling runs with elevated access in your environment. If a vendor can't answer them clearly, that tells you something worth knowing.

Credential Rotation Is Not a "We'll Get to It" Item

The Trivy incident is instructive here. Aqua Security detected an initial compromise in February 2026, rotated credentials, and considered the incident closed. TeamPCP returned three weeks later using credentials that survived the incomplete rotation and ran a significantly more damaging operation. Incomplete rotation is operationally worse than no rotation. It creates a false sense of closure while the attacker retains access with a much clearer picture of what's still valid.

If any tool in your environment, or in your vendors' environments, was inside a TeamPCP exposure window, every credential that was accessible to that environment needs to be treated as compromised until proven otherwise and rotated accordingly.

Start Asking Your Vendors Harder Questions

Not "are you patched,” that's the wrong question for this class of attack. The right questions are:

  • How do you verify the integrity of the tools your build pipeline depends on?
  • What's your process when a tool you depend on gets compromised?
  • How quickly can you identify and rotate every credential that was in scope during a compromise window?
  • Do you have visibility into what your pipeline has access to?

These questions don't have easy answers, and a vendor who gives you an easy answer probably doesn't have a good one. What you're looking for is evidence that they've thought about this seriously and that they treat their build pipeline as a security boundary, not as background infrastructure.

Where This Leaves MSPs

The supply chain attack model TeamPCP has refined works because the open-source ecosystem runs on trust relationships between maintainers and the assumption that the tool you downloaded is the tool that was built. When that assumption breaks at scale, the blast radius is enormous and the cleanup takes months. We are currently inside one of those cleanups, and the full extent of it won't be known for some time.

Across both parts of this series, the through-line is the same: the attack already happened, the credentials are already out there, and the organizations that handle this well won't be the ones that patched fastest. They'll be the ones that asked better questions of their vendors, rotated credentials completely rather than partially, and treated supply chain exposure as an ongoing operational problem rather than a series of individual incidents to close out.

That's the posture this campaign demands. The vendors who built their pipelines carefully will have good answers when you ask. The ones who didn't are going to find out in the next round of headlines.

And so will their customers.