Skip to content
Cyvex Security

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek.

The infamous TeamPCP hacking group that besieged the open source software ecosystem several times over the past half year has released the source code of its Shai-Hulud worm, opening the door to copycat attacks.

The code was shared via GitHub repositories under several users and was accompanied by detailed instructions on how to use it. While GitHub removed the repos, multiple forks also appeared, Datadog says.

The repositories also contained the “Shai–Hulud: Open Sourcing The Carnage” message from the hacking group itself, which states the intended purpose of the release, namely to fuel more supply chain attacks.

Source: https://www.securityweek.com/teampcp-ups-the-game-releases-shai-hulud-worms-source-code/

Related breach coverage

  • First Shai-Hulud Worm Clones Emerge
    2026-05-18

    At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.

  • OpenAI hit by supply chain attack linked to malicious TanStack packages
    2026-05-16

    OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process […]

  • OpenAI Hit by TanStack Supply Chain Attack
    2026-05-15

    Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.

  • PoC Code Published for Critical NGINX Vulnerability
    2026-05-16

    Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek.