🚨 Another GitHub Action compromised today: simonecorsi/mawesome
This is the second action compromise we are tracking today, and it uses the same technique as the earlier codfish/semantic-release-action incident. Almost certainly the same attacker.
🔁 A few things from the earlier compromise that are worth highlighting, because they change how defenders should think about this class of attack:
🏷 The attacker published the major version tags, including v5, as immutable tags pointing at the malicious commit. Once a tag is marked immutable on GitHub, it cannot be moved.
💻 The malicious code does not stop at exfiltrating CI/CD credentials. It also writes malicious VS Code settings and Cursor rules files into every branch of the repository. Any developer who later clones this repo and opens it in VS Code or Cursor will silently execute the attacker's payload, turning a CI/CD compromise into a developer machine compromise.
🎯 This is a pattern we are seeing more and more: a single supply chain compromise designed to hit both CI/CD runners AND developer workstations.
⏱ Also worth noting: the earlier codfish/semantic-release-action repository is still in a compromised state nearly 9 hours after the initial compromise was identified. The malicious commits and immutable tags have not been remediated. Anyone running the action today is still pulling the attacker's code.
🛡 StepSecurity customers are protected on multiple fronts:
🚫 The Compromised Actions Policy has been updated to block simonecorsi/mawesome (and codfish/semantic-release-action). Workflows referencing either action are blocked before they execute.
⛔ StepSecurity Harden Runner blocks both compromised actions at runtime. The malicious payload reads memory from the Runner.Worker process to harvest CI/CD secrets, a behavior Harden Runner detects and prevents on every protected workflow, regardless of which action introduces it.
🧰 Dev Machine Guard now includes a recently shipped capability that detects suspicious IDE extension settings and rules files (VS Code settings.json, Cursor rules, etc.) dropped into repositories on developer machines. This is exactly the persistence mechanism this attacker is using.
✅ If you use either action: stop using it immediately, pin to a known good commit SHA from before the compromise, rotate any secrets exposed to recent workflows, and check developer machines that have cloned these repositories for the dropped IDE config files.
stepsecurity.io/blog/simonecor…
🚨 The GitHub Action codfish/semantic-release-action has been compromised
🏷 Some tags in the repository have been rewritten to point to an imposter commit that exfiltrates CI/CD credentials. Any workflow that references this action by version tag will pull the malicious code on its next run.
🧠 The malicious code reads memory from the Runner.Worker process to harvest CI/CD secrets in flight, then exfiltrates them to attacker controlled infrastructure.
🛡 StepSecurity customers are already protected in multiple ways:
🚫 The Compromised Actions Policy has been updated to block use of codfish/semantic-release-action. For customers with the policy enabled, any workflow run referencing this action is blocked before it executes.
⛔ StepSecurity Harden Runner immediately blocks this action at runtime because it attempts to read the Runner.Worker process memory, a behavior Harden Runner detects and prevents on every protected workflow.
stepsecurity.io/blog/supply-ch…
🛡️ Announcing Dev Machine Guard Suspicious File Detection: StepSecurity enterprise customers can now quickly detect developer machines compromised by Miasma and Hades, across their entire fleet.
⏱️ Three waves in five days. 57 npm packages hit June 3. Microsoft's Azure GitHub orgs June 5. Hades on PyPI June 8.
🪱 These worms execute the moment a project is opened. A planted .vscode/tasks.json auto-runs in VS Code. Hooks do the same in Claude Code (.claude/setup.mjs), Cursor, Codex, and Gemini. No install needed.
⚠️ EDR misses it: the execution chain is your own trusted tooling, and the payload reads secrets from process memory. No malware binary to fingerprint.
🔍 Detection rules are written and continuously updated by our research team, first to report multiple waves of this campaign. Nothing to tune.
✅ Running Dev Machine Guard? Open Suspicious Files in your dashboard now and check your fleet.
👉 Full details: stepsecurity.io/blog/miasma-an…
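An added example, not taken from the post or from Dev Machine Guard: a minimal checkout scanner for the two project-open triggers the post names, `.vscode/tasks.json` and `.claude/setup.mjs`. It assumes the VS Code `runOptions.runOn: "folderOpen"` task setting is the auto-run mechanism; the sample tree and its commands are constructed.

```python
import json, os, re, tempfile

RUN_ON_OPEN = re.compile(r'"runOn"\s*:\s*"folderOpen"')

def auto_run_tasks(text):
    """Commands of tasks.json entries that VS Code starts when the folder opens."""
    try:
        tasks = json.loads(text).get("tasks", [])
    except ValueError:
        # tasks.json may carry comments (JSONC); fall back to a textual match.
        return ["<unparsed>"] if RUN_ON_OPEN.search(text) else []
    return [str(t.get("command", "?")) for t in tasks
            if t.get("runOptions", {}).get("runOn") == "folderOpen"]

def scan_repo(root):
    """Return sorted (relative_path, reason) pairs for files worth manual review."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        base = os.path.basename(dirpath)
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if (base, name) == (".vscode", "tasks.json"):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    for cmd in auto_run_tasks(fh.read()):
                        findings.append((rel, f"runs on folder open: {cmd}"))
            elif (base, name) == (".claude", "setup.mjs"):
                findings.append((rel, "hook script path named in the post"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed checkout: one auto-run task, one ordinary task, one hook file."""
    files = {
        ".vscode/tasks.json": json.dumps({"version": "2.0.0", "tasks": [
            {"label": "build", "type": "shell", "command": "make"},
            {"label": "init", "type": "shell", "command": "echo constructed-sample",
             "runOptions": {"runOn": "folderOpen"}}]}),
        ".claude/setup.mjs": "// constructed placeholder\n",
        "pkg/.vscode/tasks.json": '// comment makes this JSONC\n{"tasks": []}',
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_repo(tmp))
```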
🚨 Pythagora-io/gpt-pilot (33K stars) was compromised today. An attacker hijacked a co-founder's GitHub account and force-pushed a Shai-Hulud credential stealer to main.
The unlikely hero? ruff, the Python linter, blocked the malicious code twice. The attacker gave up.
Full analysis: stepsecurity.io/blog/pythagora…
🚨 Breaking: 31 npm packages from @RedHat have been compromised.
100,000+ weekly downloads affected. The upstream CI/CD pipeline was compromised, with all packages published via GitHub Actions OIDC.
The payload:
⚠️ Reads GitHub Actions runner process memory to extract masked secrets
⚠️ Sweeps credentials across AWS, GCP, Azure, K8s, Vault, and npm
⚠️ Self-propagating worm that republishes backdoored packages using stolen npm tokens, bypassing 2FA
⚠️ Persists on dev machines via Claude Code settings hijack and VS Code task injection
⚠️ Exfiltrates data through GitHub API commits, blending in with normal git operations
We have responsibly disclosed the incident to the maintainers.
Full technical analysis: stepsecurity.io/blog/multiple-…
🚨 Active npm supply chain attack. 143 packages compromised in a single coordinated wave across the AntV (Alibaba) data visualization ecosystem, plus echarts-for-react, timeago.js, jest-canvas-mock, and others. Some ship over a million downloads per month.
🛡️ The C2 domain sits on the same infrastructure used in the actions-cool/* GitHub Actions compromise we reported earlier today. Every StepSecurity Harden-Runner customer, community tier and enterprise, was protected from second zero of this incident via our global block list.
🚨 We pushed a Threat Center alert to all StepSecurity enterprise customers with detection queries and remediation steps.
Here's how StepSecurity Enterprise customers are protected at every stage of the software development pipeline:
⚙️ CI/CD pipelines
1️⃣ Outbound connections to the C2 domain are blocked automatically
2️⃣ Runner.Worker memory read detection flags attempts to dump CI/CD secrets
📦 Code Repositories
1️⃣ npm package search detects compromised packages in default branches and pull requests
2️⃣ npm cooldown and compromised package GitHub checks automatically block pull requests from being merged
💻 Dev Machine Guard
1️⃣ npm package search detects compromised packages installed on developer machines.
🔒 For all stages, StepSecurity Secure Registry blocks these compromised packages from even reaching your environment in the first place.
stepsecurity.io/blog/compromis…
🚨 ACTIVE SUPPLY CHAIN ATTACK 🚨
The actions-cool/issues-helper GitHub Action is compromised. Every existing tag in the repo now points to an imposter commit that:
⬇️ Downloads the bun JS runtime
🧠 Reads Runner.Worker process memory to harvest CI/CD secrets in flight
📡 Exfiltrates credentials to t.m-kosche[.]com
Any workflow referencing this action by version will pull the malicious code on its next run.
If you use it: stop immediately, pin to a known-good commit SHA from before the compromise, and rotate any secrets exposed to recent runs.
StepSecurity customers are already protected:
🛡 Real-time Threat Center alert with "Am I Affected?" links for every workflow and every runner that has talked to the IOC domain
🚫 Compromised Actions Policy blocks any run referencing this action before it executes
🌐 Harden-Runner Global Block List now blocks t.m-kosche[.]com automatically, even in audit mode, no config change required
🔍 Imposter Commit detection flags the exact signature of this attack
Full advisory and IOCs:
stepsecurity.io/blog/actions-c…
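An added example, not StepSecurity's code: a workflow audit for the "pin to a known-good commit SHA" advice in this post and in the simonecorsi/mawesome post above. It flags `uses:` references to the three actions named on this page and any other action referenced by a mutable tag or branch; the sample workflow and the `example-org/pinned-action` name are constructed.

```python
import re

# Actions named as compromised in the posts on this page.
COMPROMISED = {
    "simonecorsi/mawesome",
    "codfish/semantic-release-action",
    "actions-cool/issues-helper",
}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line_no, action, ref, finding) for each risky `uses:` line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, _, ref = target.partition("@")
        repo = "/".join(action.split("/")[:2]).lower()  # drop any sub-path
        pinned = bool(FULL_SHA.match(ref))
        if repo in COMPROMISED:
            # Even a SHA pin needs checking: it may point at the imposter commit.
            kind = "compromised-verify-sha" if pinned else "compromised-by-tag"
            findings.append((no, repo, ref, kind))
        elif not pinned:
            findings.append((no, repo, ref, "mutable-ref"))
    return findings

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/pinned-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - name: release
        uses: codfish/semantic-release-action@v5
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```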
🚨 BREAKING Nx Console VS Code Extension Compromised 🚨
Nx Console (nrwl.angular-console) v18.95.0, a VS Code extension with 2.2M+ installs, was published with malicious code on May 18, 2026. The compromised version executes an obfuscated credential stealing payload on workspace activation.
If you use Nx Console, assume your machine is compromised and follow your incident response process.
Our team is actively investigating and will keep the blog post updated as new details emerge:
stepsecurity.io/blog/nx-consol…
#SupplyChainSecurity #VSCode #CyberSecurity #DevSecOps
🚨 BREAKING: node-ipc compromised. Again.
Three malicious versions of node-ipc (9.1.6, 9.2.3, 12.0.1) were published today carrying an identical credential-stealing payload. This package has 10M+ weekly downloads.
Here's what happened:
An attacker injected an 80KB obfuscated IIFE into the CommonJS bundle. It fires on every require('node-ipc') call. No special config needed, just importing the package is enough.
What it steals:
→ AWS, Azure, GCP credentials
→ SSH private keys
→ Kubernetes configs
→ Docker tokens
→ GitHub CLI tokens
→ AI tool configs (including Claude)
→ Terraform state
→ 90+ credential file patterns in total
Everything gets gzipped and exfiltrated to an attacker-controlled domain (sh[.]azurestaticprovider[.]net) via DNS TXT queries and HTTPS POST, designed to look like normal traffic.
The attacker published across two major version lines simultaneously (9.x and 12.x) to maximize blast radius. Semver ranges like ^9, ~9.1.x, ~9.2.x, ^12, and ~12.0 all resolve to compromised versions automatically on the next install or lockfile refresh.
Key details:
Only the CommonJS bundle (node-ipc.cjs) is affected. ESM imports are clean.
The 9.x releases are fabricated. The 9.x line never shipped a .cjs bundle before this attack.
This is a different actor from the 2022 peacenotwar incident. Purely financial, credential-theft motivation.
If you installed any of these versions, assume all secrets on that machine are compromised. Rotate everything.
Our full technical breakdown covers the attack chain stage by stage, IOCs, and how to check if you're affected:
stepsecurity.io/blog/node-ipc-…
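An added example, not from the StepSecurity write-up: a check for the three node-ipc versions listed above in a parsed `package-lock.json`, plus a helper showing which of them a simple `^` or `~` range resolves to. The lockfile fragment is constructed, and the range helper covers only the plain caret and tilde forms quoted in the post.

```python
import json

# Malicious node-ipc versions listed in the post above.
BAD = {"9.1.6", "9.2.3", "12.0.1"}

def bad_in_lock(lock):
    """Compromised node-ipc installs recorded in a parsed package-lock.json."""
    hits = set()
    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if path.split("node_modules/")[-1] == "node-ipc" and meta.get("version") in BAD:
            hits.add((path, meta["version"]))
    # lockfileVersion 1: nested "dependencies" tree.
    def walk(deps, trail):
        for name, meta in deps.items():
            here = f"{trail}>{name}" if trail else name
            if name == "node-ipc" and meta.get("version") in BAD:
                hits.add((here, meta["version"]))
            walk(meta.get("dependencies", {}), here)
    walk(lock.get("dependencies", {}), "")
    return sorted(hits)

def range_admits(rng):
    """BAD versions that a simple ^ or ~ range (major >= 1) would resolve to."""
    op = rng[0]
    nums = [int(p) for p in rng[1:].split(".") if p not in ("x", "X", "*")]
    lo = tuple(nums + [0] * (3 - len(nums)))
    # ^ floats minor and patch; ~ floats only patch once a minor is given.
    hi = (lo[0] + 1, 0, 0) if op == "^" or len(nums) == 1 else (lo[0], lo[1] + 1, 0)
    return sorted(v for v in BAD if lo <= tuple(int(n) for n in v.split(".")) < hi)

# Constructed lockfile fragment (lockfileVersion 3), not from a real project.
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "dependencies": {"node-ipc": "^9"}},
    "node_modules/node-ipc": {"version": "9.2.3"},
    "node_modules/tool/node_modules/node-ipc": {"version": "10.1.0"},
    "node_modules/js-message": {"version": "1.0.7"}
  }
}""")

if __name__ == "__main__":
    print(bad_in_lock(SAMPLE_LOCK))
    for r in ("^9", "~9.1.x", "~9.2.x", "^12", "~12.0", "^10"):
        print(r, range_admits(r))
```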
🚨 ACTIVE INCIDENT: The Mini Shai-Hulud worm is back, and it just compromised dozens of official @tanstack npm packages
This is the first documented self-spreading npm worm that carries valid SLSA provenance attestations. Let that sink in.
Our OSS Package Security Feed detected the compromised releases and we're tracking the spread in real time.
Here's what happened:
The attacker staged an obfuscated 2.3 MB credential-stealing payload in a fork of TanStack/router, then used hijacked OIDC tokens to publish malicious versions through TanStack's own legitimate GitHub Actions release pipeline.
The compromised packages include @tanstack/react-router, @tanstack/router-core, @tanstack/react-start, and 40+ other packages. Millions of weekly downloads across the ecosystem.
If you installed any affected version in CI, assume all secrets in that environment are compromised. Rotate tokens immediately.
Full technical analysis, IOCs, compromised version list, and recovery steps on our blog. The list of affected packages is still growing.
stepsecurity.io/blog/mini-shai…
Our co-founders Varun Sharma and Ashish Kurmi are heading back to @Microsoft next week, this time as speakers at BlueHat Redmond. Both started their security careers at Microsoft, so it's a full-circle moment. If you'll be there, stop by and say hi!
🎤 BlueHat Speaker Announcement
We’re excited to announce that Varun Sharma, Co-founder & CEO, StepSecurity and Ashish Kurmi, Co-founder & CTO, StepSecurity, will be speaking at BlueHat with their session, “Double‑Edged AI: Securing the Software Supply Chain in the Autonomous
🚨 A Mini Shai-Hulud has appeared.
Your npm install just handed your credentials to an attacker.
We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak.
Full breakdown: stepsecurity.io/blog/a-mini-sh…
The full behind-the-scenes story, the frantic evening, the deleted issues, the community rallying at midnight, is on our blog.
Read it here: stepsecurity.io/blog/behind-th…
→ @karpathy shared our blog on X, calling it the "more comprehensive article"
→ @firaborjmshi featured our analysis. 624K+ views.
→ Hit #1 on Hacker News for hours
🚨 Last week, North Korean state actors hijacked axios on npm. 300M+ weekly downloads. Turned into a remote access trojan.
We just published the behind-the-scenes story of how we detected it, fought the threat actor in real time, and helped the community respond.