
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)

ID: 4b45830d-7eb3-5c0c-b9de-d3c011c54a1c

STIX ID: report--4b45830d-7eb3-5c0c-b9de-d3c011c54a1c

Feed Name: SANS ISC Diary

Threat Score: 92/100

Date Published: 2026-05-25

Date Updated: 2026-05-25


A sophisticated supply-chain campaign, attributed to TeamPCP / Mini Shai-Hulud, trojanized components across multiple ecosystems: Visual Studio Marketplace (Nx Console extension), PyPI (Microsoft's durabletask SDK), and the @antv npm ecosystem. It resulted in exfiltration of ~3,800 GitHub-internal repositories, widespread credential theft across cloud and developer tooling, and reports of a Linux disk wiper. The report describes attack timelines, affected packages, IOCs, operational details, and defensive actions such as credential rotation and lockfile verification.
