Threats Tagged 'ci/cd targeting'

Microsoft Threat Intelligence identified an active supply chain attack involving malicious npm packages that employ dependency confusion techniques. Between May 28-29, 2026, a threat actor using three maintainer aliases published malicious packages across nine organizational scopes that mirror real corporate namespaces. The packages execute obfuscated reconnaissance payloads through npm lifecycle hooks, collecting system information, environment variables, and developer credentials. All packages connect to the same command-and-control server and deploy a 17KB JavaScript dropper designed for environment fingerprinting. The campaign includes platform-specific payloads for Windows, macOS, and Linux, with CI/CD detection bypass capabilities. The architecture operates in reconnaissance-only mode but supports server-side toggling for full exploitation. Forensic analysis indicates all three accounts are operated by a single individual, evidenced by shared C2 infrastructure, identical hardcoded authentication toke...

A supply chain attack compromised multiple @redhat-cloud-services npm packages, executing malicious payloads automatically during installation via preinstall hooks. The attack uses AES-GCM encrypted payloads and obfuscated JavaScript loaders to harvest GitHub Actions secrets, npm tokens, cloud credentials (AWS, Azure, GCP), Kubernetes and Vault material, SSH keys, Git credentials, and cryptocurrency wallet files. The payload can daemonize on developer workstations, includes Russian-locale avoidance mechanisms, and exfiltrates stolen data through encrypted HTTPS channels with GitHub API fallback mechanisms. The campaign employs tactics similar to the publicly released Shai-Hulud toolkit, though attribution remains unclear due to the availability of open-source attack tooling.

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

The popular PyPI package lightning experienced a supply chain attack affecting versions 2.6.2 and 2.6.3, published on April 30, 2026. The compromise introduced malicious code that executes automatically upon module import, downloading Bun JavaScript runtime and executing an 11MB obfuscated payload. The attack harvests credentials including GitHub tokens, npm tokens, cloud credentials from AWS, Azure, and Google Cloud, while targeting CI/CD environments. The malicious code poisons GitHub repositories by injecting backdoored files impersonating Claude Code commits and infects local npm packages through tarball manipulation. The attack shows similarities to previous Shai-Hulud campaigns in terms of credential targeting and obfuscation methods. Evidence suggests the maintainer's GitHub account (pl-ghost) was compromised, with suspicious branch operations and disclosure suppression indicating ongoing attacker control. The incident affects a widely-used deep learning framework receiving millions of monthly downl...

The intercom-client npm package version 7.0.4 was compromised through a malicious GitHub account, introducing credential-stealing malware into a widely used Node.js SDK with approximately 360,000 weekly downloads. The attack deployed two malicious files: setup.mjs, executed via preinstall hook to download an unverified Bun binary, and router_runtime.js, an obfuscated 11.7 MB script targeting Kubernetes, Vault, and cloud credentials. Stolen data was encrypted and exfiltrated through GitHub API. The compromise resembles recent attacks on PyPI lightning package and SAP CAP packages, sharing technical patterns with TeamPCP-linked campaigns including GitHub-based exfiltration and CI/CD targeting. The attack was facilitated by compromised GitHub account nhur, which created malicious workflows and triggered automated CI publishing, affecting developers and CI/CD environments that installed the package.