TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
The TeamPCP supply chain campaign involves multiple high-impact supply chain compromises active through May 2026. Key events include an officially confirmed backdoor in the Checkmarx Jenkins AST plugin affecting several hundred Jenkins controllers, and a self-spreading Mini Shai-Hulud worm that poisoned roughly 170 npm and PyPI packages with over 500 million combined downloads. The worm included a destructive payload targeting Israeli and Iranian locale hosts with a probabilistic disk wipe and persistence mechanisms on developer endpoints. The npm compromise was notable for using valid SLSA Build Level 3 provenance, demonstrating that provenance alone cannot guarantee package safety. A rival worm, PCPJack, actively evicts TeamPCP infections and steals credentials. Institutional response has been limited, with NHS England issuing an alert but no public advisory from CISA. Mitigations include verifying Jenkins plugin versions, auditing CI pipelines, rotating exposed credentials, and pinning exact package versions with lockfile verification.
AI Analysis
Technical Summary
The TeamPCP campaign is a supply chain attack wave active through May 2026, featuring two major confirmed incidents: a backdoored Checkmarx Jenkins AST plugin (version 2026.5.09) distributed via the Jenkins Marketplace and a self-spreading Mini Shai-Hulud worm that compromised approximately 170 npm and PyPI packages, including 42 @tanstack npm packages. The worm propagated rapidly, leveraging TanStack's legitimate CI/CD pipeline via a GitHub Actions OIDC token compromise, resulting in malicious packages signed with valid SLSA Build Level 3 provenance. The malware includes a destructive 1-in-6 chance disk wipe targeting Israeli and Iranian locale systems and persistence mechanisms in developer tooling files. The Checkmarx compromise was remediated with patched builds 2.0.13-848.v76e89de8a_053 and 2.0.13-847.v08c0072b_2fd5. A rival worm, PCPJack, exploits multiple vulnerabilities to remove TeamPCP infections and steal credentials. Despite the campaign's scale, US federal agencies have not issued advisories, though NHS England has. Defenders are advised to audit affected packages, rotate credentials, and verify CI security configurations.
Potential Impact
The confirmed Checkmarx Jenkins plugin compromise affected several hundred Jenkins controllers, potentially allowing attackers to execute malicious code within CI pipelines. The Mini Shai-Hulud worm poisoned a large number of widely used npm and PyPI packages with over 500 million downloads, increasing the risk of widespread supply chain compromise. The worm's destructive payload poses a credible risk of data loss on systems with Israeli or Iranian locale settings due to a probabilistic disk wipe. Persistence mechanisms in developer tooling increase the difficulty of complete eradication. The use of valid SLSA Build Level 3 provenance undermines trust in provenance-based supply chain security controls. The campaign also includes credential theft, which may facilitate further attacks. The presence of a rival worm evicting TeamPCP infections adds complexity to the threat landscape.
Mitigation Recommendations
For the Checkmarx Jenkins AST plugin compromise, ensure Jenkins controllers are running remediated builds 2.0.13-848.v76e89de8a_053 or 2.0.13-847.v08c0072b_2fd5 and not the tampered 2026.5.09 version. Audit CI/CD pipelines for exposure to pull_request_target workflows running on forks and for GitHub Actions cache poisoning. Rotate all npm, GitHub, cloud provider, and CI/CD tokens that may have been exposed to compromised runners. Inventory and treat as suspect all installs of affected packages (@tanstack/*, mistralai, guardrails-ai, @opensearch-project/opensearch, @uipath/, @squawk/mcp, @tallyui/) created during the compromise windows. Pin exact package versions and verify lockfile hashes against a known-good baseline, as provenance alone is insufficient. Inspect developer endpoints for persistence in .vscode/tasks.json and ~/.claude/settings.json files. Block and monitor network indicators including C2 IP 83.142.209.194, domain git-tanstack[.]com, and exfiltration nodes filev2[.]getsession[.]org and seed1[.]getsession[.]org. Monitor for any official advisories or patches related to CVE-2026-45321 and the TeamPCP campaign. No vendor advisory states that no action is required; these mitigations are critical.
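The lockfile check recommended above, as an added example that is not part of the original diary or of any of the named projects: it diffs an npm lockfile (lockfileVersion 2/3 `packages` table) against a known-good baseline and flags entries that are new, changed, or that carry a different tarball integrity under the same version, annotating any that fall in the package scopes the advisory lists. The sample lockfiles and the package `@uipath/example-sdk` are constructed for illustration.

```python
import json

# npm scopes/packages named in the mitigation section above; list assembled from that text.
SUSPECT_PREFIXES = ("@tanstack/", "@uipath/", "@tallyui/", "@squawk/mcp",
                    "@opensearch-project/opensearch")

def _entries(lock):
    """Map install path -> (version, integrity) from a lockfileVersion 2/3 'packages' table."""
    return {p: (m.get("version"), m.get("integrity"))
            for p, m in lock.get("packages", {}).items() if p}  # "" is the root project

def _name(path):
    # "node_modules/a/node_modules/@s/b" -> "@s/b"
    return path.rsplit("node_modules/", 1)[-1]

def audit_lockfile(lock, baseline):
    """Compare a lockfile against a known-good baseline; return (package, reason) findings."""
    cur, base = _entries(lock), _entries(baseline)
    findings = []
    for path, (ver, integ) in sorted(cur.items()):
        if path not in base:
            reason = "not in baseline"
        elif base[path][0] != ver:
            reason = f"version changed {base[path][0]} -> {ver}"
        elif base[path][1] != integ:
            reason = "integrity changed (same version, different tarball)"
        else:
            continue  # identical to the baseline entry
        name = _name(path)
        if name.startswith(SUSPECT_PREFIXES):
            reason += "; package is in the advisory's affected list, check publish date"
        findings.append((name, reason))
    return findings

def audit_files(lock_path, baseline_path):
    """Convenience wrapper for real files, e.g. package-lock.json vs. a committed baseline copy."""
    with open(lock_path) as f, open(baseline_path) as g:
        return audit_lockfile(json.load(f), json.load(g))

# Constructed sample data (not real lockfiles); integrity values are placeholders.
SAMPLE_BASELINE = {"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/@tanstack/react-query": {"version": "5.0.0", "integrity": "sha512-AAAA"},
    "node_modules/lodash": {"version": "4.17.21", "integrity": "sha512-BBBB"},
    "node_modules/minimist": {"version": "1.2.8", "integrity": "sha512-CCCC"}}}
SAMPLE_CURRENT = {"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/@tanstack/react-query": {"version": "5.0.1", "integrity": "sha512-DDDD"},
    "node_modules/@uipath/example-sdk": {"version": "1.2.3", "integrity": "sha512-EEEE"},
    "node_modules/lodash": {"version": "4.17.21", "integrity": "sha512-BBBB"},
    "node_modules/minimist": {"version": "1.2.8", "integrity": "sha512-FFFF"}}}

if __name__ == "__main__":
    for pkg, why in audit_lockfile(SAMPLE_CURRENT, SAMPLE_BASELINE):
        print(f"{pkg}: {why}")
```

The third sample finding (same version, different integrity) is the case a version pin alone does not catch.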
Technical Details
- Article Source: https://isc.sans.edu/diary/rss/32994 (fetched 2026-05-18, 1915 words)
Added to database: 5/18/2026, 8:22:22 PM
Last enriched: 5/18/2026, 8:22:38 PM
Last updated: 5/18/2026, 8:22:44 PM