isc.sans.edu · 5/4/2026, 7:02:41 PM

Supply chain worm compromises SAP, PyTorch, Intercom packages

CyberSIXT Evidence Panel
Primary source: wiz.io
Threat Actor

The most significant development of the week was the Mini Shai-Hulud worm of April 29 to 30, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning releases on PyPI, two versions of the intercom-client npm package and the intercom-php Packagist package, spanning three package ecosystems.

Wiz attributes the operation to TeamPCP with high confidence, based on an RSA public key shared with the earlier Bitwarden CLI and Checkmarx KICS operations; OX Security tracked roughly 1,800 GitHub repositories created with stolen credentials during the two-day campaign. Reporting indicates that the campaign has now demonstrated cross-ecosystem worm propagation in production (npm to PyPI to Packagist), realising the CanisterSprawl-style ecosystem-jump risk flagged in the W17 weekly.
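Because the worm crossed npm, PyPI and Packagist, a defender has to check three lockfile formats against one advisory. The following is an added example, not code from the page, Wiz, OX Security, SAP, Lightning AI or Intercom: it parses package-lock.json (lockfileVersion 1, 2 and 3, including nested node_modules), requirements.txt or pip freeze output, and composer.lock, and reports every pin that matches an indicator list. The package names follow the summary above, but every version in the indicator list is a constructed placeholder, not a real compromised release, since the summary does not list them; "@sap/placeholder" stands in for the unnamed SAP packages and "intercom/intercom-php" is the assumed vendor-qualified Packagist name. Replace the list with the versions from the advisory you are acting on.

```python
"""Scan npm, PyPI and Packagist lockfiles for pins listed in a supply-chain advisory.

Added example, not the page's or any vendor's code.  All IoC versions below are
CONSTRUCTED PLACEHOLDERS; substitute the versions from the real advisory.
"""
import json
import re
from typing import Dict, Iterable, List, Set, Tuple

# (ecosystem, package, version).  Package names follow the news summary;
# versions are placeholders.  "@sap/placeholder" stands in for the unnamed SAP
# packages; "intercom/intercom-php" is the assumed Packagist name.
IOCS: Set[Tuple[str, str, str]] = {
    ("npm", "@sap/placeholder", "99.0.1"),
    ("npm", "intercom-client", "99.0.2"),
    ("pypi", "pytorch-lightning", "99.0.3"),
    ("packagist", "intercom/intercom-php", "99.0.4"),
}

Hit = Tuple[str, str, str, str]  # (lockfile path, ecosystem, package, version)


def _pypi_name(name: str) -> str:
    # PEP 503 normalisation so "PyTorch_Lightning" matches "pytorch-lightning".
    return re.sub(r"[-_.]+", "-", name).lower()


def npm_pins(lock: dict) -> Iterable[Tuple[str, str]]:
    """Yield (name, version) from package-lock.json, lockfileVersion 1, 2 or 3."""
    # v2/v3: flat "packages" map keyed by install path.  The package name is
    # whatever follows the last "node_modules/", which handles nested installs.
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if "version" in meta:
            yield name, meta["version"]
    # v1 (and v2, which carries both forms): recursive "dependencies" tree.
    stack = list(lock.get("dependencies", {}).items())
    while stack:
        name, meta = stack.pop()
        if "version" in meta:
            yield name, meta["version"]
        stack.extend(meta.get("dependencies", {}).items())


def pypi_pins(text: str) -> Iterable[Tuple[str, str]]:
    """Yield (normalised name, version) from requirements.txt / pip freeze lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==([^\s;]+)", line)
        if m:
            yield _pypi_name(m.group(1)), m.group(2)


def packagist_pins(lock: dict) -> Iterable[Tuple[str, str]]:
    """Yield (name, version) from composer.lock, including dev packages."""
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            # composer records tags as "v1.2.3"; advisories usually omit the "v".
            yield pkg["name"].lower(), pkg["version"].lstrip("v")


def scan_lockfiles(files: Dict[str, str], iocs: Set[Tuple[str, str, str]] = IOCS) -> List[Hit]:
    """Return every pin in `files` ({path: contents}) that matches an indicator."""
    hits: List[Hit] = []
    for path, contents in files.items():
        base = path.rsplit("/", 1)[-1]
        if base == "package-lock.json":
            eco, pins = "npm", npm_pins(json.loads(contents))
        elif base == "composer.lock":
            eco, pins = "packagist", packagist_pins(json.loads(contents))
        elif base.endswith(".txt"):
            eco, pins = "pypi", pypi_pins(contents)
        else:
            continue
        for name, version in sorted(set(pins)):  # set: v2 lockfiles list pins twice
            if (eco, name, version) in iocs:
                hits.append((path, eco, name, version))
    return hits


# Constructed sample lockfiles: one clean pin and one placeholder hit per ecosystem.
SAMPLE_FILES: Dict[str, str] = {
    "web/package-lock.json": json.dumps({
        "lockfileVersion": 3,
        "packages": {
            "": {"name": "web", "version": "1.0.0"},
            "node_modules/left-pad": {"version": "1.3.0"},
            "node_modules/some-sdk/node_modules/intercom-client": {"version": "99.0.2"},
        },
    }),
    "ml/requirements.txt": "numpy==1.26.4\nPyTorch_Lightning==99.0.3  # constructed pin\n",
    "api/composer.lock": json.dumps({
        "packages": [{"name": "Intercom/intercom-php", "version": "v99.0.4"}],
        "packages-dev": [{"name": "phpunit/phpunit", "version": "10.5.0"}],
    }),
}

if __name__ == "__main__":
    for hit in scan_lockfiles(SAMPLE_FILES):
        print("IOC MATCH: %s pins %s %s@%s" % hit)
```

Matching on exact pinned versions is deliberate: a version range in package.json or pyproject.toml says nothing about what was actually resolved, and a compromised release is only a problem if the lockfile (or the installed environment) pins it. Run the same function over `pip freeze` output from deployed images, not just repository files, since the worm's window was only two days and a build from that window may have resolved a release the repository never recorded.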

Joint Five Eyes guidance released on May 1 addresses supply-chain risk for agentic AI deployments but does not name TeamPCP. Watch items for the coming week are possible further compromises of SAP, Lightning AI or Intercom packages and the ongoing attribution discussion; no formal attribution statement from Mandiant or GTIG had been issued as of W18.


Article by CyberSIXT
