Hello and welcome to the Monday, April 6, 2026 edition of the Sands

Atlantic Storm Center's Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu, creative certificate program in incident response.

Well, let's start today with a quick update on some of the team PCP and Axi's events from the last two weeks.

First of all, Team PCP can sort of publish another update and summary of what was new.

A couple more systems and organizations that announced they were breached. However, it looks like for almost two weeks now or so we don't really have any new compromise that is attributed to Team PCP.

These are systems that were compromised in the initial wave

and, well, just now become known as compromised.

There are also a number of links to write-ups and such with additional details

about the embalmer and basically what exactly happened here,

what was exfiltrated. A couple websites have assembled some lists of compromised organizations,

but one word of caution here that they're probably rather incomplete and there are a lot more compromised organizations.

Now, one organization apparently was not compromised by Team PCP was Axis, and we now have

a post-mortem here by access with additional details.

I originally thought it was related to Team PCP,

because it sort of made sense the type of compromise and, of course, the timing,

but apparently this was completely independent from Team PCP

and the trivia exploit and all of that.

Well, we now know it was actually pretty much social engineering and team PCP and the trivia exploit and all of that.

Well, we now know it was actually pretty much social engineering and some of the better social engineering.

The lead developer here off-axis,

who is responsible for the particular NPM pact,

...