Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
Source: Tenable
Published:
<p>A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know.</p> <p>Between September 2025 and May 2026, a threat group tracked as TeamPCP has conducted a series of coordinated sup