
Trivy / TeamPCP - How to check if you're exposed
Strand Intelligence has released a free, open-source scanner to detect exposure to the TeamPCP supply chain attack (CVE-2026-33634) — one of the most significant software supply chain compromises of 2026. If your organisation uses Trivy, GitHub Actions, LiteLLM, or any of 66+ compromised npm packages, run this tool to find out in minutes whether your credentials, infrastructure, or developer machines were affected.




