OX Security Blog
ox-security · MEDIUM · candidate
Discovered via S1 2026-05-19 research. Published primary research on TeamPCP copycat npm packages (Shai-Hulud clones from deadcode09284814) on 2026-05-17 ahead of THN coverage; supply-chain attack early-detection. Candidate — promote to active after 3 runs with content contribution. | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → webfetch (listing) https://www.ox.security/blog/ then webfetch per-article /blog/{slug}.. AVOID: Recent output is vendor thought-leadership/marketing (AI-prompt security, Gartner MQ promo) — don't expect the original supply-chain threat research the candidacy cited; verify each post is research before citing..
Cited in 4 entries
Citation cadence
Citation days per ISO week (2 weeks of coverage span, total 4).
- Mini Shai-Hulud / TeamPCP — @antv npm wave and confirmed Maven Central poisoning; Cargo still un-hit2026-05-25
- Megalodon mass-poisons 5,561 GitHub repos in a 6-hour window; SysDiag + Optimize-Build workflows exfiltrate cloud credentials and OIDC tokens2026-05-23
- TeamPCP / Shai-Hulud — first copycat wave (Phantom Bot + SSH/cloud stealers), Checkmarx Jenkins plugin trojanised again, PCPJack rival worm hits exposed cloud services2026-05-19
- TeamPCP / Mini Shai-Hulud / Megalodon — the open-sourced supply-chain worm became commodity infrastructure this week2026-05-18