Q1 2026 saw a sharp rise in AI-assisted supply chain abuse, zero-day exploitation, and destructive attacks, capped by the TeamPCP campaign, the Stryker incident, and growing ransomware partnerships. Security teams must assume fast-moving compromise windows, validate exposure during exploitation, and strengthen defense-in-depth across CI/CD, identity, cloud, and endpoint environments. #TeamPCP #Trivy #Checkmarx #LiteLLM #Stryker #HandalaGroup #MicrosoftEntra #MicrosoftIntune #Vect #Mythos #CISAKEV
Key points
- TeamPCP used AI-assisted access to compromise Trivy, Checkmarx KICS, and LiteLLM through a developer supply chain campaign.
- Stolen credentials spread the attack to Cisco, the European Commission, Mercor, and more than 66 software packages.
- Handala Group used Microsoft Entra and Intune to remotely wipe over 200,000 systems at Stryker.
- Q1 2026 saw 15,243 new CVEs and 40 vulnerabilities actively exploited in the wild.
- Ransomware and BEC attacks still relied heavily on compromised credentials, exposed remote access, and vendor impersonation.
Read More: https://beazley.security/insights/quarterly-threat-report-first-quarter-2026