The notorious hacking group TeamPCP has released the source code for its Shai-Hulud worm on GitHub, dramatically lowering the barrier for copycat supply chain attacks targeting open-source software ecosystems. The group is even running a contest on BreachForums with cash rewards for cybercriminals who successfully deploy the worm and cause maximum damage. Security experts warn that the malware is modular, harvests developer credentials and includes anti-detection features, and that these traits, combined with the public release, will likely spawn numerous variants and trigger a sustained spike in sophisticated supply chain compromises.