
New Mini-Shai-Hulud Wave Targets NPM, PyPi Packages and VSCode Extension (Campaign)

ID: daaa99e0-20f3-5c05-ba8b-f5da5c18d003

STIX ID: report--daaa99e0-20f3-5c05-ba8b-f5da5c18d003

Feed Name: Wiz Cloud Threat Landscape

Threat Score: 88/100

Date Published: 2026-05-18

Date Updated: 2026-05-20

Author: [email protected] (Wiz Threat Research)


Researchers identified a broad TeamPCP-linked supply-chain campaign that delivered malicious NPM and PyPI packages, compromised GitHub Actions, and trojanized a VSCode extension to target developer, cloud, and CI/CD environments. The activity included credential harvesting and exfiltration (via public GitHub repositories with RSA-encrypted data), installation of backdoors (e.g., ~/.local/share/kitty/cat.py and pgmonitor.py), propagation using AWS SSM and kubectl exec, and a conditional destructive routine with a potential rm -rf/* trigger under specific geolocation checks.
