TeamPCP resumes supply chain attacks, poisoning xinference PyPI and triggering a Bitwarden CLI cascade via compromised Docker image.

The TeamPCP supply chain campaign has resumed with concurrent compromises targeting the AI inference package xinference, Checkmarx KICS, and Bitwarden CLI. This directly impacts AI security by poisoning a widely used LLM/ML model serving framework and demonstrates sophisticated attack methods increasingly intersecting with AI tooling.