https://dileepkumar.dev/categories/cybersecurity/ Recent content in Cybersecurity on Dileep Kumar https://dileepkumar.dev/papermod-cover.png https://dileepkumar.dev/papermod-cover.png Hugo -- gohugo.io en Fri, 15 May 2026 03:30:00 +0530 https://dileepkumar.dev/post/shai-hulud-worm-teampcp-supply-chain-attack/ Fri, 15 May 2026 03:30:00 +0530 https://dileepkumar.dev/post/shai-hulud-worm-teampcp-supply-chain-attack/ If you work anywhere near open-source infrastructure, CI/CD pipelines, or cloud-native tooling, you need to know about the Mini Shai-Hulud worm. Named after the colossal sandworms of Frank Herbert’s Dune, this self-propagating malware—deployed by the threat actor group TeamPCP—burrowed through the npm and PyPI ecosystems in May 2026, compromising hundreds of packages and turning trusted developer tooling into a weapon. This is not a theoretical supply chain risk. This is one of the most sophisticated attacks the open-source ecosystem has ever faced.