TeamPCP’s third-generation Shai-Hulud campaign is placing malicious npm packages impersonating SAP CAP ecosystem libraries and the Bitwarden CLI across enterprise CI/CD pipelines, targeting cloud credentials across AWS, Azure, GCP, and Kubernetes with no CVE and no vendor patch available. The attack requires only a routine dependency install to achieve full credential exfiltration. Organizations without dependency integrity controls and least-privilege CI/CD pipeline secrets are fully exposed.