Two TeamPCP events dominated the campaign in the period up to 17 May 2026: Checkmarx confirmed that the Jenkins AST plugin had been trojanised, and a new Mini Shai-Hulud worm spread across npm and PyPI, making this the loudest stretch since the March Trivy disclosure. On 9–10 May 2026, Checkmarx published an official update confirming the tampered plugin version 2026.5.09 and the remediation builds, following an earlier unconfirmed report on 9 May.
Beginning 11 May 2026 at 19:20 UTC, the worm released 84 malicious artifacts across 42 TanStack npm packages in about six minutes, later expanding to roughly 170 packages with combined downloads exceeding 500 million, and became the first documented npm malware carrying valid SLSA Build Level 3 provenance. The campaign also included a 1-in-6 destructive payload targeting Israeli or Iranian locales and persistence hooks planted in developer tooling, underscoring a credible data-loss risk for defenders.
NHS England issued the campaign’s first government alert on 12 May 2026, while CISA remained silent and no named-actor product from Mandiant or Google Threat Intelligence Group was published; attribution rests on Wiz, StepSecurity, and Snyk.