Pypi
Mini Shai-Hulud Wave 4: TanStack, Mistral AI, UiPath Hit by First-Ever SLSA-Attested Malicious npm Packages (CVE-2026-45321)
TeamPCP's fourth Mini Shai-Hulud wave compromised 42 TanStack packages, the Mistral AI SDK, UiPath, OpenSearch, and Guardrails AI by stealing OIDC tokens out of a GitHub Actions runner's process memory — and shipped malicious versions with valid SLSA Build Level 3 provenance attestations.
Worms All the Way Down: Why npm and PyPI Will Keep Spawning Self-Propagating Compromises Until We Re-Architect Install-Time Trust
From the original Shai-Hulud in September 2025 through CanisterSprawl, the Bitwarden CLI compromise, and Mini Shai-Hulud, every major npm/PyPI worm of the last eight months has used the same primitive: package lifecycle hooks that run arbitrary code on install. Until the registries change that default, each generation will keep landing.
Mini Shai-Hulud: SAP, Intercom, and PyTorch Lightning Hit by Bun-Based Stealer in 48-Hour TeamPCP Cascade
TeamPCP's Mini Shai-Hulud campaign poisoned SAP CAP, Intercom, and PyTorch Lightning packages on April 29-30 with a Bun-runtime credential stealer that scrapes secrets directly from CI runner memory.
CanisterSprawl: Self-Propagating npm Worm Hits pgserve, Spreads to PyPI, Exfils to ICP Canister
Malicious pgserve, automagik, xinference, and kube-health releases drop a 1,143-line postinstall stealer that re-publishes itself using stolen npm tokens and exfiltrates to a decentralized ICP canister.
North Korea's Contagious Interview Campaign Hits 1,700 Malicious Packages Across Five Ecosystems
DPRK-linked Contagious Interview operation now spans npm, PyPI, Go Modules, crates.io, and Packagist with 1,700+ poisoned packages delivering BeaverTail and InvisibleFerret malware.
TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect
TeamPCP poisoned Trivy, KICS, LiteLLM, and Telnyx across GitHub Actions and PyPI in March 2026, harvested ~300 GB of CI/CD secrets, breached Cisco and AstraZeneca, and has now partnered with Vect RaaS to convert stolen credentials into ransomware deployments.