Threats Tagged 'developer infrastructure'
View all threats tagged with 'developer infrastructure'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'developer infrastructure'
Click on any threat for detailed analysis and mitigation recommendations
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages 0 A fresh wave of the Miasma Mini Shai-Hulud supply chain campaign compromised legitimate npm packages under the @immobiliarelabs scope on June 26, 2026. The attack targeted Backstage plugins used for GitLab integration and LDAP authentication, affecting 22 package versions across multiple releases. The malware employs sophisticated techniques including hidden payloads that bypass standard package reviews, steals developer credentials and CI/CD secrets, and exploits GitHub Actions workflows for propagation. The campaign appears linked to a compromised upstream GitHub Action (codfish/semantic-release-action) and leverages deployment-triggered workflows for execution. Stolen credentials include npm tokens, GitHub tokens, cloud credentials, SSH keys, and various authentication secrets, which are exfiltrated to attacker-controlled repositories for further propagation across the ecosystem. Join the discussion | AlienVault OTX General | 06/27/2026, 01:57:13 UTC Added: 06/29/2026, 09:51:24 UTC |
Showing 1 to 1 of 1 result