Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.

Commercial risk teams are responding with tighter controls, scenario modeling, and broader collaboration across underwriting, claims, and cyber operations.

Leaders continue to prioritize resilience planning while balancing cost, coverage terms, and operational exposure in a changing market cycle.