TI Mindmap HUB
Threat Intelligence Report

Shai-Hulud: Here We Go Again - Worm by TeamPCP Hits NPM and PyPI

📅 May 12, 2026 📰 research.jfrog.com 🔍 0 CVE(s) referenced

The Shai-Hulud: Here We Go Again campaign by TeamPCP is a highly sophisticated, worm-like supply chain attack that compromised over 170 npm and PyPI packages—spreading automatically through CI/CD environments, stealing credentials, and using destructive persistence mechanisms that threaten to wipe developer machines if defenders revoke stolen GitHub tokens before fully eradicating the malware.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle