Threat Intel

[CS-SA-26-0701] TeamPCP Software Supply Chain Campaigns

The CRITICALSTART® Cyber Research Unit is tracking TeamPCP, a financially motivated threat actor behind a sustained software supply chain campaign that has compromised Aqua Security Trivy, Checkmarx KICS, LiteLLM, the TanStack ecosystem, and GitHub's own internal repositories — now confirmed by FBI FLASH reporting. This advisory consolidates 17 sources into prioritized detection, mitigation, and response guidance.
CRITICALSTART® Cyber Research Unit (CRU)
July 3, 2026
18 min read
Datasheet

SOC AI: AI-Accelerated, Human-Validated MDR

Every MDR vendor claims AI speed — Critical Start's SOC AI pairs five purpose-built agents with mandatory human validation, contractual per-alert SLAs, and full audit trails on every decision.
Critical Start
June 30, 2026
2 min read
Threat Intel

OT Security Advisory: Iranian-Affiliated PLC Exploitation and Critical Infrastructure Threats

An Iranian state-directed campaign is actively exploiting a CVSS 9.8 authentication bypass in Rockwell Automation Logix controllers — with no vendor patch available. Critical Start's CRU breaks down the threat, the vulnerability surface, and what OT organizations need to do now.
Critical Start Cyber Research Unit
June 26, 2026
8 min read
Threat Intel

Understanding and Defending Against Zero-Day Vulnerabilities

Zero-day exploitation now precedes disclosure by an average of seven days. Critical Start's Cyber Research Unit breaks down the 2026 threat landscape, the Nightmare Eclipse campaign, and what defenders can actually do when no patch exists.
Critical Start Cyber Research Unit
June 19, 2026
15 min read
Webinar

On-Demand: The AI MDR Shortcut and Why We're Not Taking It

Critical Start's VP of Product and Principal Operations Engineer walk through their real-world approach to AI in the SOC including the Laws of AI, live agent demos, and honest TTI metrics.
Umair Masud and Suhail Rahmetulla
June 16, 2026
40 min
Blog

The Right Layer for AI Is Rarely First

"AI-first" SecOps sounds compelling — until it breaks at scale. Critical Start explains why deterministic systems belong in the first layer, and where AI actually belongs in the stack.
Kimberly Graham
June 9, 2026
4 min read