GHSA-GR3R-CRP5-QRRM: Supply Chain Compromise in intercom-php via Malicious Composer Plugin

DEV Community·CVE Reports·26 days ago

Vulnerability ID: GHSA-GR3R-CRP5-QRRM
CVSS Score: 10.0
Published: 2026-05-07

The intercom/intercom-php package on Packagist was subjected to a supply chain compromise attributed to the TeamPCP threat actor group. The attackers published a malicious package version (5.0.2) that uses a Composer plugin to achieve arbitrary code execution at installation time, exfiltrating environment variables and other sensitive credentials to an external command-and-control server.

TL;DR

A malicious version (5.0.2) of the intercom/intercom-php package was published via a compromised GitHub tag. It uses a malicious Composer plugin to execute code automatically during installation, exfiltrating local secrets and environment variables. Every organization that installed this version must immediately rotate all potentially exposed credentials.…
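The practical first check after an advisory like this is whether the bad version is pinned anywhere in your lock files, and whether your Composer configuration lets arbitrary plugins run at install time at all. The script below is an added example, not code from the advisory or from the intercom-php project: it audits a composer.lock for the version the advisory names and for any package of type "composer-plugin" (the package type Composer uses for plugins that execute PHP inside the Composer process), and reports what the "allow-plugins" setting in composer.json permits. The sample lock and composer.json contents are constructed for the demonstration; the package "example/build-hooks" is hypothetical and stands in for any third-party plugin in a dependency tree.

```python
import json

# Constructed sample composer.lock (not a real project's lock file). The
# intercom/intercom-php 5.0.2 entry is the version the advisory names; the
# "example/build-hooks" plugin is a hypothetical placeholder for any plugin.
SAMPLE_LOCK = """
{
  "packages": [
    {"name": "intercom/intercom-php", "version": "v5.0.2", "type": "library"},
    {"name": "example/build-hooks", "version": "1.4.0", "type": "composer-plugin"},
    {"name": "guzzlehttp/guzzle", "version": "7.8.1", "type": "library"}
  ],
  "packages-dev": [
    {"name": "phpunit/phpunit", "version": "10.5.0", "type": "library"}
  ]
}
"""

# Constructed sample composer.json with the weakest possible plugin policy:
# "allow-plugins": true lets every plugin in the dependency tree run on install.
SAMPLE_COMPOSER_JSON = """
{
  "require": {"intercom/intercom-php": "^5.0"},
  "config": {"allow-plugins": true}
}
"""

# Versions the advisory identifies as malicious: package name -> set of versions.
KNOWN_BAD = {"intercom/intercom-php": {"5.0.2"}}


def normalize(version):
    """Strip the leading 'v' that Composer lock files often carry (v5.0.2 -> 5.0.2)."""
    if version.startswith("v") and version[1:2].isdigit():
        return version[1:]
    return version


def audit_lock(lock_text, known_bad=KNOWN_BAD):
    """Return (finding_kind, package, version) tuples for a composer.lock document.

    Two kinds of finding:
      known-bad-version  the exact package/version the advisory calls malicious
      composer-plugin    any package whose type lets it run PHP inside Composer
                         during install/update, i.e. the primitive this attack used
    """
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name = pkg.get("name", "")
            version = normalize(pkg.get("version", ""))
            if version in known_bad.get(name, ()):
                findings.append(("known-bad-version", name, version))
            if pkg.get("type") == "composer-plugin":
                findings.append(("composer-plugin", name, version))
    return findings


def allow_plugins_policy(composer_json_text):
    """Summarize config.allow-plugins from a composer.json document.

    Composer accepts true (all plugins may run), false (none may run), or a map
    of package name -> bool acting as an allowlist. Since Composer 2.2 an unset
    value is treated as "ask", which in non-interactive runs disables plugins.
    """
    cfg = json.loads(composer_json_text).get("config", {})
    policy = cfg.get("allow-plugins")
    if policy is True:
        return "allow-all"
    if policy is False:
        return "deny-all"
    if policy is None:
        return "unset"
    allowed = sorted(name for name, ok in policy.items() if ok)
    return "allowlist: " + ", ".join(allowed)


if __name__ == "__main__":
    for kind, name, version in audit_lock(SAMPLE_LOCK):
        print(f"{kind:18} {name} {version}")
    print("allow-plugins policy:", allow_plugins_policy(SAMPLE_COMPOSER_JSON))
```

Run it against a real project by replacing the two sample strings with the contents of composer.lock and composer.json. A "known-bad-version" hit means the host that ran that install should be treated as compromised and its environment-sourced credentials rotated, as the advisory instructs; an "allow-all" policy is worth tightening to an explicit allowlist regardless of whether this particular package is present, since that setting is what turns any compromised dependency with a plugin into install-time code execution.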
