Supply chain attackers are increasingly targeting developer workstations and CI/CD environments to steal secrets like API keys, cloud credentials, SSH keys, and tokens rather than only injecting malicious code. Recent campaigns such as TeamPCP and Shai-Hulud show that software delivery risk now begins on the developer machine, where credentials, automation, and trust intersect. #TeamPCP #ShaiHulud #npm #PyPI #DockerHub
Keypoints
- Attackers are harvesting secrets from developer environments and CI/CD pipelines.
- npm, PyPI, and Docker Hub were targeted in a 48-hour campaign window.
- TeamPCP and Shai-Hulud show supply chain attacks centered on credential theft.
- Developer workstations hold credentials, code, build tools, and delivery authority.
- Security teams should treat the workstation as a local supply chain boundary.
Read More: https://thehackernews.com/2026/05/developer-workstations-are-now-part-of.html