What happened
Mini Shai-Hulud is part of the broader Shai-Hulud/Miasma supply-chain campaign (attributed to UNC6780/TeamPCP). On June 19, 2026, a security hunt identified 1,614 exfiltration repositories bearing the description marker 'A Mini Shai-Hulud has Appeared' across 21 compromised GitHub accounts. The worm spreads via postinstall hooks and GitHub workflow execution, actively harvesting and exfiltrating credentials.
Why it matters
This is a self-propagating supply-chain worm targeting AI/ML developers. Once a developer's account is compromised, the worm harvests credentials for cloud providers, AI platforms, and internal systems. These credentials are then used for lateral movement, data theft, and model poisoning. The active spread (June 19 discovery) and credential exfiltration make this a Tier A threat.
Attack vector
The worm infects a developer's account and harvests credentials stored in environment variables, .env files, CI/CD secrets, and cloud config files. It then creates new public GitHub repositories and pushes the stolen credentials to them as plaintext, making the credentials accessible to the attacker. Finally, it propagates by using the stolen identities to commit malicious code to other repositories.
Affected systems
GitHub repositories and accounts; targets AI/ML developers and CI/CD pipelines
Mitigation
Rotate all credentials immediately if your GitHub account was compromised. Enable GitHub's security key requirement, use short-lived credentials and API tokens, monitor for unauthorized repository creation and commits, and implement network-level detection for outbound credential exfiltration.
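One way to monitor for unauthorized repository creation, as an added example that is not part of the original advisory: the function below triages a repository listing for the description marker quoted above and for unapproved public repositories created after a review baseline. The sample repositories, the baseline date, the approved list, and the name triage_repos are constructed assumptions; the input is assumed to be repository objects shaped like the GitHub REST API repository listing.

```python
import json
from datetime import datetime, timezone

# Description marker quoted in the advisory above.
MARKER = "A Mini Shai-Hulud has Appeared"

# Constructed sample: repository objects shaped like the GitHub REST API
# repository listing (only the fields used here are included).
SAMPLE_REPOS = json.loads("""
[
  {"full_name": "example-dev/ml-pipeline", "description": "Training jobs",
   "private": false, "created_at": "2025-11-02T10:15:00Z"},
  {"full_name": "example-dev/xk3f9q", "description": "A Mini Shai-Hulud has Appeared",
   "private": false, "created_at": "2026-06-18T03:41:07Z"},
  {"full_name": "example-dev/notes", "description": null,
   "private": true, "created_at": "2026-06-18T09:00:00Z"},
  {"full_name": "example-dev/p0aa71", "description": "a mini  shai-hulud has appeared ",
   "private": false, "created_at": "2026-06-18T03:41:09Z"},
  {"full_name": "example-dev/demo-site", "description": "Docs",
   "private": false, "created_at": "2026-06-18T12:30:00Z"}
]
""")

def _norm(text):
    # GitHub returns null for an empty description; collapse case and spacing.
    return " ".join((text or "").lower().split())

def triage_repos(repos, baseline, approved=frozenset(), marker=MARKER):
    """Return (marker hits, unapproved public repos created after baseline)."""
    marker_hits, unexpected = [], []
    for repo in repos:
        created = datetime.fromisoformat(repo["created_at"].replace("Z", "+00:00"))
        if _norm(marker) in _norm(repo.get("description")):
            marker_hits.append(repo["full_name"])
        elif (not repo["private"] and created > baseline
              and repo["full_name"] not in approved):
            unexpected.append(repo["full_name"])
    return marker_hits, unexpected

if __name__ == "__main__":
    # Assumed date of the last manual review of the account's repositories.
    baseline = datetime(2026, 6, 1, tzinfo=timezone.utc)
    hits, unexpected = triage_repos(SAMPLE_REPOS, baseline,
                                    approved={"example-dev/demo-site"})
    print("marker repos (treat account as compromised):", hits)
    print("unapproved new public repos (review):", unexpected)
```

A marker hit means the account's credentials should be rotated as described above; an unapproved new public repository without the marker is a lead for manual review.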