Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign

**Mini Shai-Hulud (TeamPCP)**: A high-impact, active supply-chain campaign using a self-propagating worm to poison npm and PyPI packages, harvest extensive developer and cloud credentials (including OIDC tokens), and publish trojanized packages via compromised CI/CD pipelines — notably defeating SLSA Build Level 3 provenance attestations and impacting high-profile organizations (OpenAI, Mistral AI, GitHub, EU entities); Tenable provides IOCs, CVE-2026-45321 context, and prioritized remediation guidance.