The TeamPCP supply chain campaign, tracked by SANS ISC and formally acknowledged by CISA, exploits subverted build pipelines to distribute malicious artifacts, including the Mini Shai-Hulud credential-stealing worm. Key vulnerabilities (CVE-2026-45321 and CVE-2026-48027) were added to CISA's KEV catalog with a remediation deadline of 2026-06-10. The campaign's open-sourced framework has led to copycat attacks compromising at least 32 Red Hat npm packages (Miasma wave) and a follow-on Phantom Gyp wave affecting 57 additional packages. Attackers used a compromised Red Hat employee GitHub account to inject malicious GitHub Actions workflows, resulting in valid SLSA provenance attestations despite the malicious payload. Phantom Gyp introduced install-time evasion by abusing binding.gyp and node-gyp hooks, bypassing monitors focused on package.json scripts. Attribution is ambiguous due to the public availability of the Mini Shai-Hulud framework. The campaign's monetization channels remain dormant, focusing currently on ecosystem-scale worming rather than targeted extortion.

The campaign enables attackers to distribute malicious code through trusted supply chain components, leading to credential theft and potential further compromise of cloud and CI/CD environments. The subversion of build pipelines allows attackers to produce validly signed malicious artifacts, undermining trust in provenance attestations. The compromise of widely used npm packages affects thousands of users and organizations relying on these packages, increasing the risk of widespread credential exposure and unauthorized access. The use of advanced install-time evasion techniques complicates detection and mitigation efforts. Although no active extortion or ransomware activity is currently observed, the campaign poses a significant medium-level threat to software supply chain integrity and cloud security.

A fix is available as per CISA advisories with a remediation deadline of 2026-06-10 for CVE-2026-45321 and CVE-2026-48027. Defenders should confirm removal of the compromised Nx Console v18.95.0 and remediation of TanStack-related exposures. Rotate all CI/CD-accessible secrets and cloud credentials and review CI/CD logs and cloud audit trails as recommended by CISA. Inventory and pin affected npm packages (@redhat-cloud-services, @vapi-ai/server-sdk, and others) to known-good versions rebuilt from trusted sources. Enhance detection to monitor install-time execution beyond package.json scripts, including binding.gyp and node-gyp hooks, and consider disabling install scripts in CI environments where feasible. Do not rely solely on SLSA provenance attestations; implement build environment integrity controls and behavioral monitoring. Enforce two-factor authentication on registry maintainer accounts, narrowly scope publish tokens, and alert on anomalous workflow changes in source repositories. Monitor for further advisories and updates from vendors and government agencies.