Wiz Research, Aikido, and JFrog jointly identified the campaign on June 1, affecting packages like frontend-components, compliance-client, and rbac-client with a combined ~117,000 weekly downloads. The entry point was a compromised Red Hat employee GitHub account. Malicious orphan commits used GitHub Actions OIDC tokens to publish directly to npm, bypassing the individual developer account compromise pattern seen in prior waves.

The preinstall script runs on every npm install — meaning transitive consumers are exposed even if they never updated a direct dependency. The payload does a broad credential sweep: GitHub Actions secrets (GITHUB_TOKEN, ACTIONS_RUNTIME_TOKEN), GCP and Azure cloud identities, and hooks into AI developer tools — Claude, Codex, Gemini, Copilot, Kiro, and opencode. It also drops a VS Code folder-open task that re-executes the payload on workspace load. That last part is worth sitting with: opening a project in VS Code can now re-trigger exfiltration even after the malicious package is removed, if the task persists.

If your code touches @redhat-cloud-services packages, the working assumption is that credentials were exposed — GitHub tokens, cloud identities, whatever was in scope. Rotate them, pull CI/CD logs for OIDC-sourced npm publishes, and audit developer workstations for VS Code workspace tasks that shouldn't be there.

This is the fifth TeamPCP campaign in six weeks, and the OIDC pivot marks the first time they've moved off individual account compromise as the entry point. That's the part worth tracking.