TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)

Summary

The TeamPCP supply chain campaign has shown increased activity, including a confirmed compromise of a Checkmarx Jenkins plugin and the emergence of a new self-spreading Mini Shai-Hulud worm affecting npm and PyPI. This campaign has been ongoing and is expected to continue.

IFF Assessment

FOE

The campaign involves the compromise of software supply chains and the spread of malware, which poses a significant threat to organizations and defenders.

Defender Context

This article highlights the ongoing threat of supply chain attacks targeting popular developer tools and package repositories. Defenders should be vigilant about the security of their CI/CD pipelines and be prepared to detect and respond to novel malware strains like the Mini Shai-Hulud worm that can spread rapidly across development ecosystems.
