The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
WHITE Teampcp PetrP.73 2026-05-21 Modified: 2026-05-22
5 IOCs (LOW VOLUME)
TeamPCP has reemerged as a threat actor involved in a multi-ecosystem supply chain compromise affecting open-source software components, specifically targeting GitHub, npm packages, and a VSCode extension. The campaign, which was observed on May 19th, uses distributed malware designed to extract credentials, exfiltrate sensitive information, and ensure continued access to infected systems. This malware primarily targets the npm packages within the @antv namespace, GitHub Actions such as actions-cool/issues-helper, and the nrwl.angular-console VSCode extension.
Indicators of Compromise (1 / 5 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | b06b126b9e26af03a7ef2f8b8e90d446 | | 2026-05-21