Developers using compromised Lightning and Intercom packages
April 29, 2026
[software supply-chain attack, malware, credential harvesting]
TeamPCP conducted a Mini Shai-Hulud software supply-chain attack by injecting credential-stealing malware into the Lightning Python package (versions 2.6.2 and 2.6.3), the intercom-client npm package (versions 7.0.4 and 7.0.5), and intercom-php version 5.0.2. The malware harvested secrets from developer and CI/CD environments and created more than 1,800 GitHub repositories containing the stolen credentials.