CVSS 8.0 HIGH 🔴 ACTIVELY EXPLOITED Security Vulnerability

CVE-2026-33634: TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compr…


CVSS Score: 8.0
Severity: HIGH
CISA KEV: YES
Impact Type: Security Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-33634
Vendor: SANS ISC
Affected Product: Threat Intelligence
Vulnerability Type: Security Vulnerability
CVSS Score: 8.0 (HIGH)
Actively Exploited: ✅ Yes — CISA KEV Listed
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via sans_isc)

🔬 Technical Analysis

This update succeeds TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linked credentials, Google GTIG's formal designation of the operators as UNC6780 (with their credential stealer named SANDCLOCK), and the lapsed CISA KEV remediation deadline for CVE-2026-33634 with no standalone federal advisory. The Sportradar publication deadline flagged in Update 007 (approximately April 10 to 11) lapsed without a public CipherForce dump, and CipherForce's leak infrastructure has remained offline. Twelve days after Update

📚 Advisory References
