Just days after the hacking group TeamPCP released the Shai-Hulud worm's source code on GitHub, the first clones have emerged in active supply chain attacks. Ox Security reports that a single threat actor has published four malicious npm packages, with over twenty-six hundred weekly downloads combined, including one package that is a direct clone of the credential-stealing worm. Security researchers warn that this marks only the beginning of a wave of supply chain attacks, as cybercriminals quickly adapt the now-public malware code and deploy it against open-source software developers.