A surge of coordinated supply‑chain attacks has weaponized developer toolchains—npm packages, GitHub Actions, and VS Code extensions—to steal CI/cloud credentials and self‑propagate. Incidents linked to groups like TeamPCP (Mini Shai‑Hulud) and campaigns such as Megalodon and TrapDoor compromised thousands of repos and dozens of trusted packages (notably @redhat-cloud-services and TanStack), sometimes abusing OIDC, valid signing certificates, or CI anti‑patterns to preserve provenance. Researchers urge immediate credential rotation, workflow hardening, dependency pinning, lockfile discipline, and isolating developer hosts. The wave exposes systemic gaps in registry trust, CI practices, and extension hygiene, prompting calls for platform‑level protections and stricter supply‑chain vetting.
Widespread supply-chain compromises across npm, GitHub, VS Code extensions and package registries directly threaten developer credentials, CI secrets and cloud keys, raising systemic risk for software delivery. Tech teams must reassess dependency practices, CI governance and artifact provenance to prevent credential theft and downstream compromise.
Dossier last updated: 2026-06-01 14:04:44
Researchers report that attackers compromised the official @redhat-cloud-services npm namespace to publish over 30 backdoored packages containing a worm called Shai-Hulud that steals CI/CD and cloud credentials. The malicious payload executes during npm install, harvesting GitHub Actions secrets, npm tokens, Kubernetes/Vault keys and other credentials, encrypting them and exfiltrating them via web requests or by committing to hijacked GitHub repos. The worm propagates by republishing tainted packages to third-party accounts accessible from infected machines. Security firms Aikido and Socket linked the malware to code previously released by TeamPCP and warned that any system that installed affected packages should be treated as compromised. Red Hat removed the packages and says no customer or production impact has been identified.
Researchers report that attackers compromised the official @redhat-cloud-services npm namespace and published a worm-like backdoor across more than 30 packages that executes during npm install to harvest CI/CD and cloud credentials. The malware, dubbed Shai-Hulud and linked to TeamPCP’s prior open-source release and contest, steals GitHub Actions secrets, npm tokens, Kubernetes/Vault material and other cloud credentials, encrypts them, and exfiltrates them via web requests or by committing to compromised GitHub repos. It also propagates by republishing backdoored packages to accounts the infected environments can access. Red Hat removed the malicious packages and says only internal development-only packages were affected and no customer production impact has been identified; investigators warn that any system that installed the packages should be treated as compromised.
Rohan Prabhu / Step Security Blog : Researchers find several packages in the @redhat-cloud-services npm namespace shipped malware targeting credentials for GitHub Actions, AWS, GCP, and others — Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install.
Over 30 npm packages under the @redhat-cloud-services scope were hijacked via a trusted publishing gap tied to OIDC, with malicious versions published that retained valid provenance. The payload, dubbed Miasma, executed during npm install to exfiltrate developer and CI credentials and attempted lateral spread via npm tokens, Git repositories, and developer tooling configurations. Security researchers analyzed the incident, noting the worm-like behavior and the risk that provenance checks may not detect such abuse when tokens or OIDC trust are compromised. This matters because it undermines supply-chain integrity for enterprise packages, elevates risk for downstream consumers, and highlights gaps in current trusted-publishing and OIDC token protections. Stakeholders should rotate credentials, revoke affected packages, and audit CI trust settings.
Red Hat Insights' JavaScript packages were compromised via an NPM supply-chain attack that stole credentials for cloud platforms (AWS, GCP, Azure), Kubernetes, HashiCorp Vault, npm, and CircleCI, then self-propagated using the victims' npm credentials and a bypass_2fa setting. The intrusion reportedly established persistence through Claude Code hooks and VS Code task injection. Affected developers are urged to reprovision development hardware. The report highlights NPM as a recurring vector for supply-chain incidents, with developers expressing frustration over frequent breaches and perceived limited defensive options when maintainers' accounts are not robustly secured. Red Hat has published upstream documentation with remediation guidance.
Red Hat Cloud Services' publish pipeline was compromised today, producing and signing a malicious npm package (patch-client@4.0.4) via its GitHub Actions OIDC trusted publisher rather than a stolen token or typosquat. The malicious package runs on npm install, steals cloud credentials and self-propagates by injecting fake CodeQL workflows into repositories reachable with the stolen tokens. The incident has affected at least 32 packages so far, indicating supply-chain and CI/CD pipeline compromise risks and abuse of trusted publisher mechanisms. This matters because signed packages and OIDC-based workflows are increasingly relied upon for secure releases; attackers leveraging those trust paths can broadly compromise developer ecosystems and cloud accounts. Full remediation will require pipeline forensics, token rotation, and repository workflow audits.
Security researchers and the OSS community have flagged malicious npm releases across the @redhat-cloud-services scope after multiple Red Hat JavaScript packages were compromised. StepSecurity and related feeds list over 30 affected packages and specific tainted versions — including frontend-components, various *-client libraries, eslint-config-redhat-cloud-services, and shared javascript-clients — with versions such as @redhat-cloud-services/frontend-components@7.7.2 and @redhat-cloud-services/chrome@2.3.1. This matters because these packages are used by cloud and enterprise projects; a supply-chain compromise can inject malware or exfiltrate secrets across dependent projects. Developers and organizations should audit dependencies, pin known-good versions, and remove or isolate the listed versions until Red Hat publishes remediation and provenance details.
Multiple npm packages published under the @redhat-cloud-services scope have been identified as malicious after unauthorized or compromised releases, affecting a long list of Red Hat JavaScript clients and frontend libraries. Security researchers and StepSecurity flagged compromised versions (examples: @redhat-cloud-services/frontend-components 7.7.2, @redhat-cloud-services/chrome 2.3.1, @redhat-cloud-services/javascript-clients-shared 2.0.8) and published details to an OSS security feed and blog. This matters because these packages are used in cloud and enterprise web applications; backdoored or malicious releases can introduce supply-chain risks, credential theft, or remote code execution across downstream consumers. Developers and organizations using these packages should audit dependencies, remove or pin to safe versions, and follow Red Hat/npm advisories.
A developer has released CodeMoji, a Visual Studio Code extension that converts source code into emoji strings and can decode them back to the original text, with optional password protection for sharing snippets. The project uses a typical VS Code architecture: an extension host registers commands and manages lifecycle events, while a webview-based UI handles code input, emoji output, password options, and theme-aware styling via VS Code CSS variables. The encoding pipeline applies optional password-based protection, then Base64 encoding, then maps bytes to emojis. Key development issues included VS Code failing to launch the Extension Development Host due to conflicting watch/build tasks, and decoding failures caused by multi-codepoint emojis; the author fixed this by using only standalone emojis.
A practical checklist guides developers on evaluating third-party npm packages before installation, highlighting security, maintenance, and compatibility risks. The checklist — adapted from a detailed blog post — recommends checking package popularity, recent activity, maintainers’ reputations, license compatibility, dependency trees, and CI/testing status; it also advises scanning for malicious code, malformed metadata, and supply-chain risks like typosquatting or compromised maintainers. The piece stresses automated tools (linting, static analysis, SCA tools) plus manual code review of critical packages, pinned dependency versions, and minimizing direct dependencies when possible. This matters because npm’s vast ecosystem and supply-chain attacks make pre-install vetting essential for secure, reliable software development.
TanStack disclosed a supply-chain compromise on May 11, 2026 where an attacker published 84 malicious versions across 42 @tanstack packages by hijacking the project's CI pipeline—not by stealing npm credentials. The malicious artifacts carried valid SLSA provenance attestations, making this the first documented npm supply-chain malware with legitimate provenance. The attacker exploited a pull_request_target GitHub Actions anti-pattern, poisoned pnpm caches across trust boundaries, and used a staged payload to harvest credentials and self-propagate to 170+ packages via stolen publish tokens. External researcher ashishkurmi flagged it within six minutes; TanStack deprecated packages within ~1h43m. The postmortem details the chain and gives an immediate checklist (avoid pull_request_target with executed fork code, harden workflows, isolate caches, rotate tokens, and enforce least privilege). This matters because CI trust assumptions and SLSA attestations can be abused, forcing projects to change workflow patterns and runtime protections.
A veteran sysadmin argues that the old rule—always update dependencies promptly—no longer fits today’s sprawling open-source ecosystem. The article traces how software supply chains ballooned from a few vetted vendors to vast, underfunded OSS networks, exposing projects to both upstream CVE exploitation and risky updates or supply-chain compromises. Package-manager naivety, pressured release cycles, and overworked maintainers mean blindly updating can introduce breakage or malicious code, while not updating leaves known vulnerabilities. The piece criticizes superficial industry responses (CVEs, CVSS, compliance theater) and suggests the need for more pragmatic, risk-aware dependency strategies rather than dogmatic patch-or-die guidance. It matters because dependency management and supply-chain security directly affect software reliability and cyber risk.
An item titled “Software For My New Home Server” indicates a discussion or guide focused on selecting and installing software for a newly built or purchased home server. With no article body available, details such as the author, platform, operating system, or specific applications are not provided. Based on the title alone, the likely scope includes core server components (a server OS, storage and backup tools, networking and remote access, and possibly virtualization or container management) and common self-hosted services (media, file sharing, home automation, or monitoring). The topic matters because home servers are increasingly used to centralize data and services, improve local control, and reduce reliance on third-party cloud providers, but software choices affect security, reliability, and maintenance effort.
Researchers uncovered a coordinated supply-chain campaign called TrapDoor that has injected malicious packages into npm, PyPI, and Crates.io to target developers — especially in Web3, Solana/Sui, and AI tooling — and to poison AI coding agents that auto-import dependencies. The operation spans at least 34 malicious packages and 384 downstream versions, using typosquatting, dependency confusion, and payload delivery that activates when repositories or developer environments are detected. Security teams warn this increases risk for CI pipelines, package managers, and automated coding assistants that fetch libraries, potentially allowing credential theft, remote code execution, or unauthorized access. The finding matters because it escalates attacker focus on developer supply chains and AI-driven workflows, requiring tighter provenance checks, dependency scanning, and runtime protections.
Researchers reported in May 2026 that VS Code extensions NX Console and TeamPCP were compromised after attackers injected malicious code via a GitHub breach. Maintainers are rolling out patches and users are urged to update or remove affected extensions, audit dependencies, and check for suspicious developer-environment behavior. The incident highlights supply-chain risks for IDE extensions and the broader developer tool ecosystem, where a single repository compromise can push malware to many developers. Organizations should treat extension hygiene as part of security posture and monitor for unusual network or build activity.
Ionut Arghire / SecurityWeek : More than 5,500 GitHub repositories were infected with malware in a supply chain attack, dubbed Megalodon, on May 18 that relies on automated commits — Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.
The Chinese National Cybersecurity Reporting Center warned that npm, the leading JavaScript package registry, was hit by a supply-chain poisoning campaign dubbed “Shai-Hulud.” Attackers compromised npm maintainer accounts and pushed hundreds of malicious package versions across more than 300 packages, enabling worm-like propagation. Malicious installers execute on developer machines and CI/CD environments to exfiltrate GitHub and npm tokens, cloud keys, SSH keys, Kubernetes credentials and DB strings, then reuse stolen npm publish rights to backdoor additional packages. Affected projects include echarts-for-react, multiple @antv libraries, 42 TanStack packages, Mistral AI PyPI packages and timeago.js. Authorities advised isolating infected hosts, auditing lockfiles and install scripts, cleaning leftover artifacts, rotating credentials and tightening dependency vetting.
Security researchers have identified a supply-chain campaign called “TrapDoor” that distributed malicious packages to npm, PyPI, and Crates.io to steal developer credentials and sensitive data. The packages attempted to exfiltrate AWS keys, GitHub tokens, SSH keys, browser data, and crypto-wallet information from developer machines and environments. Unusually, some payloads used hidden Unicode instructions to target AI workflow artifacts and files such as .cursorrules and CLAUDE.md, suggesting the attackers aimed to exploit emerging AI toolchains and prompt repositories. This matters because package-ecosystem compromises can rapidly affect many projects and infrastructure, highlighting ongoing risks in open-source dependencies and the need for stronger supply-chain protections.
A GitHub breach discovered in May 2026 compromised several popular developer extensions — notably NX Console, multiple VS Code integrations, and TeamPCP — by injecting malicious code into repositories and releases. The incident exposes a harmful software supply-chain vector affecting developers who install or update these extensions, potentially enabling backdoors, credential theft, or further propagation. GitHub and affected maintainers are investigating and issuing advisories and mitigations; users are urged to audit installations, rotate credentials, and verify checksums and provenance for extension packages. The episode underscores persistent risks in dependency management and the need for stronger supply-chain protections, code integrity checks, and developer-security hygiene.
Node.js projects face growing risk from npm supply-chain attacks and RCE vectors that hide in trusted dependencies, typosquatted packages, malicious install scripts, or dependency confusion. The article gives practical, CI-focused defenses: always commit lockfiles and use npm ci for reproducible installs; pin exact dependency versions and rely on automated PR tools (Dependabot/Renovate) for controlled updates; adopt a 30-day delay before consuming new releases so community scrutiny can surface malicious packages; and disable npm lifecycle scripts (ignore-scripts=true) to block postinstall/backdoor execution. Combined with pipeline guards, these steps reduce the chance a compromised package executes in production.
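The lockfile audit the @redhat-cloud-services advisories and the Node.js hardening guidance above both point to, as an added example that is not code from any of the summarized reports: it walks a lockfileVersion 2/3 package-lock.json, flags entries that match the tainted versions the advisories list, and flags entries that declare install scripts (the `hasInstallScript` field npm records). The sample lockfile is constructed for the example.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3) for two signals the
// summarized reports call out: known-tainted versions and packages with install scripts.
const TAINTED = new Set([
  // versions named in the @redhat-cloud-services advisories summarized above
  '@redhat-cloud-services/frontend-components@7.7.2',
  '@redhat-cloud-services/chrome@2.3.1',
  '@redhat-cloud-services/javascript-clients-shared@2.0.8',
]);

// A lockfile "packages" key looks like "node_modules/a/node_modules/@s/b";
// the installed package's name is whatever follows the last "node_modules/".
function nameFromLockPath(lockPath) {
  const idx = lockPath.lastIndexOf('node_modules/');
  return idx === -1 ? null : lockPath.slice(idx + 'node_modules/'.length);
}

// Returns { tainted: [...], installScripts: [...] } as "name@version" strings.
// Nested (deduplicated) installs are covered because every entry is inspected.
function auditLockfile(lock, tainted = TAINTED) {
  const result = { tainted: [], installScripts: [] };
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(lockPath);
    if (!name || !entry.version) continue; // skips the root project entry ("")
    const id = `${name}@${entry.version}`;
    if (tainted.has(id)) result.tainted.push(id);
    if (entry.hasInstallScript) result.installScripts.push(id);
  }
  return result;
}

// Constructed sample lockfile (not a real project's lockfile).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/@redhat-cloud-services/chrome': { version: '2.3.1', hasInstallScript: true },
    'node_modules/@redhat-cloud-services/frontend-components': { version: '7.7.1' },
    'node_modules/left-pad': { version: '1.3.0' },
    'node_modules/left-pad/node_modules/@redhat-cloud-services/javascript-clients-shared': {
      version: '2.0.8',
    },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a non-empty `installScripts` list is what `ignore-scripts=true` in .npmrc neutralizes at install time.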