Step Security Blog
https://www.stepsecurity.io
Detect, prevent, and respond to software supply chain attacks. End-to-end protection for AI agents, developer machines, npm packages, and CI/CD pipelines.
Feed

Nx Console VS Code Extension Compromised
3 hours ago

Dev Machine Guard Now Scans Extensions Across Every Modern IDE
Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat detection, and compromised extension visibility across your entire developer fleet.
10 hours ago

5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough
A poisoned VS Code extension breached GitHub. A trojanized PyPI package hit Microsoft. Compromised GitHub Actions and a self-spreading npm worm targeted thousands more. In just 48 hours, attackers hit every layer of the software development pipeline. Traditional security tools did not stop any of it.
17 hours ago

Dev Machine Guard Now Supports Linux
Dev Machine Guard now supports Linux, giving security teams full visibility into Linux, macOS, and Windows developer machines. Detect AI coding agents, IDE extensions, MCP servers, npm and system packages, and compromised dependencies across your entire developer fleet from one dashboard.
1 day ago

Dev Machine Guard Now Supports Windows
Dev Machine Guard now supports Windows, giving security teams full visibility into Windows and macOS developer machines. Detect AI coding agents, IDE extensions, MCP servers, npm packages, and compromised dependencies across your developer fleet from a single dashboard.
1 day ago

Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack
Three malicious versions of Microsoft's official durabletask Python SDK were published to PyPI on May 19, 2026. The compromised package silently downloads and executes a 28 KB payload that steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations, then spreads laterally through cloud infrastructure. The payload skips systems with a Russian locale, a hallmark of Eastern European cybercrime operations. The attack has been linked to the TeamPCP threat group behind the Mini Shai-Hulud campaign.
1 day ago

Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem
A new wave of the Mini Shai-Hulud worm has compromised packages across Alibaba's AntV data visualization ecosystem, echarts-for-react, timeago.js, and dozens more. Stolen CI/CD secrets are being dumped to thousands of public GitHub repositories as the attack continues to spread.
3 days ago

actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials
The popular GitHub Action actions-cool/issues-helper has been compromised. Every existing tag in the repository has been moved to point to a single imposter commit that does not appear in the action's normal commit history. That commit contains malicious code that exfiltrates credentials from CI/CD pipelines that run the action.
3 days ago

Introducing Secure Registry: install-time defense for the npm supply chain
Introducing Secure Registry by StepSecurity: install-time defense for the npm supply chain. Block malicious packages, enforce package cooldowns, and protect CI/CD pipelines, developer machines, and artifact managers from modern software supply chain attacks.
3 days ago

Active Supply Chain Attack: Malicious node-ipc Versions Published to npm
StepSecurity has detected multiple malicious releases of the popular node-ipc npm package. Three versions are currently known to be compromised, containing an obfuscated payload designed to steal cloud credentials, SSH keys, and CI/CD secrets. Our team is actively analyzing the attack, and this post will be updated as our investigation progresses.
3 days ago

TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages
The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking its spread across the ecosystem in real time.
9 days ago

Shai-Hulud Worm Pivots to Multi-Cloud: [email protected] Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope
Twenty-nine hours after [email protected] and @cap-js/[email protected] were compromised by the Shai-Hulud worm, a third major npm package has fallen: [email protected], the official Node.js SDK for the Intercom customer messaging platform, with 361,510 weekly downloads — more than yesterday’s two compromised packages combined. The malicious version was published today at 14:41 UTC via a hijacked GitHub Actions OIDC publishing pipeline, confirming the worm is actively propagating through CI/CD infrastructure stolen from yesterday’s victims.
17 days ago

lightning: Obfuscated JavaScript Credential Stealer Bundled in PyPI Wheel
On April 30, 2026, a supply chain compromise was identified in the lightning PyPI package — versions 2.6.2 and 2.6.3. The project’s GitHub account shows signs of compromise, with issues reporting the attack closed rapidly by suspicious responses.
17 days ago

A Mini Shai-Hulud Has Appeared: Obfuscated Bun Runtime Payloads Hit SAP-Related npm Packages
StepSecurity has detected a new npm supply chain attack campaign using preinstall hooks to download the Bun JavaScript runtime and execute an 11 MB obfuscated payload. At least two SAP-ecosystem packages are confirmed compromised so far.
17 days ago

elementary-data Compromised on PyPI and GHCR: Forged Release Pushed via GitHub Actions Script Injection
A malicious version of elementary-data (0.23.3) was published to PyPI and is, at the time of writing, still listed as the latest release. The same release run also pushed a multi-arch container image to GitHub Container Registry at ghcr.io/elementary-data/elementary, tagged both 0.23.3 and latest.
17 days ago

Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools
@bitwarden/[email protected] — the official command-line interface for the Bitwarden password manager — was found compromised on npm. A malicious preinstall hook silently bootstraps the Bun JavaScript runtime and launches a 9.7 MB obfuscated credential stealer that targets developer secrets, GitHub Actions environments, and — explicitly — AI coding tool configurations including ~/.claude.json and MCP server configs. All stolen data is encrypted with AES-256-GCM and exfiltrated to audit.checkmarx.cx, a domain impersonating the legitimate security company Checkmarx. When GitHub tokens are found, the malware weaponizes them to inject malicious workflows into repositories and extract CI/CD secrets — turning a single compromised developer machine into a supply chain attack pivot point.
17 days ago

TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package
xinference
17 days ago

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister
On April 21, 2026, malicious versions of pgserve were published to npm. pgserve is an embedded PostgreSQL server for development — zero config, auto-provisioned databases, designed to be dropped into any Node.js project. The compromised versions (1.1.11, 1.1.12, and 1.1.13) inject a 1,143-line credential-harvesting script that runs via postinstall on every npm install.
17 days ago

Announcing Dependabot Configuration Enhancements: Cooldown and Group Support
StepSecurity adds cooldown and group support for Dependabot configuration, giving teams control over update frequency and PR batching across npm, pip, Docker, and GitHub Actions. Reduce alert fatigue. Merge more patches. Strengthen your supply chain.
17 days ago

Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity
AI coding agents install packages, create pull requests, push commits, and run autonomously in CI/CD pipelines. Here's how to secure every stage of that workflow
1 month ago

Introducing StepSecurity Dev Machine Guard: Protecting Developer Machines from Supply Chain Attacks
Modern supply chain attacks target developer machines and AI coding agents. Learn how StepSecurity Dev Machine Guard stops credential theft early
1 month ago

Top 2024 Predictions for CI/CD Security
Explore key CI/CD security trends for 2024, including shifts to modern platforms, third-party component risks, rising security incidents, and the growing need for secure pipelines. Learn how to protect your organization from evolving threats in the CI/CD landscape.
1 month ago

@velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence
A registry-only supply chain attack on @velora-dex/sdk delivers an architecture-aware macOS backdoor that fires the moment your code imports the package. No install hooks, no repo commits, no visible output.
1 month ago

Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack
StepSecurity's AI Package Analyst and Harden-Runner detected the compromise of axios, the largest npm supply chain attack on a single package by download count, before any public disclosure existed. What followed was a race against a state-sponsored threat actor who actively deleted GitHub issues to suppress the warning, a decision to host a community call at midnight that drew 200 attendees, and coverage from Bloomberg to Andrej Karpathy
1 month ago

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.
1 month ago

10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
TeamPCP weaponized 76 Trivy version tags overnight. The KICS attack followed the same playbook days later. One security control is not enough. Here is how the StepSecurity platform's ten independent security layers work together to prevent credential exfiltration, detect compromised actions at runtime, and respond to incidents across your entire organization before attackers can succeed.
1 month ago

Dev Machine Guard Is Now Open Source: See What's Really Running on Your Developer Machine
Your developer machine is running AI agents, MCP servers, IDE extensions, and hundreds of packages. Do you know which ones? Now there's a free, open-source way to find out.
1 month ago

Datadog's DevSecOps 2026 Report Validates What We've Been Building
Datadog's State of DevSecOps 2026 report confirms what StepSecurity has been warning about for years: CI/CD pipelines and GitHub Actions are prime targets for supply chain attacks. Learn how StepSecurity's platform directly mitigates every major risk identified in the report, from unpinned actions to day-of-release dependencies.
1 month ago

hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far
A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in at least 4 out of 5 targets. The attacker, an autonomous bot called hackerbot-claw, used 5 different exploitation techniques and successfully exfiltrated a GitHub token with write permissions from one of the most popular repositories on GitHub. This post breaks down each attack, shows the evidence, and explains what you can do to protect your workflows.
1 month ago

StepSecurity’s Unified Protection Across the SDLC Infrastructure Threat Framework (SITF)
How StepSecurity delivers real-world protection across all critical pillars identified in Wiz's SDLC Infrastructure Threat Framework (SITF)
1 month ago

Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor
A supply chain attack targeting Solidity and Web3 developers has been discovered across three IoliteLabs VSCode extensions (solidity-macos, solidity-windows, and solidity-linux) embedding obfuscated backdoors that download remote payloads and establish persistence on all major platforms. StepSecurity is actively investigating this incident and will publish a full technical analysis with IOCs and remediation guidance shortly.
2 months ago

TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package
On March 27, 2026, TeamPCP injected a WAV steganography-based credential stealer into two releases of the telnyx Python SDK on PyPI. The issue was disclosed in team-telnyx/telnyx-python#235. TeamPCP is the same group behind the litellm supply chain compromise three days earlier, identified by a shared RSA-4096 public key, identical encryption scheme, and the tpcp.tar.gz exfiltration signature present in both attacks.
2 months ago

litellm: Credential Stealer Hidden in PyPI Wheel
On March 24, 2026, a critical supply chain compromise was identified in litellm==1.82.8: the PyPI package contains a malicious litellm_init.pth file
2 months ago

Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags
All release tags in the Checkmarx/kics-github-action repository have been compromised with an infostealer payload. If you are using this Action pinned to any version tag, treat your CI/CD secrets as compromised and rotate immediately.
2 months ago

CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem
Following Trivy's compromise, StepSecurity's AI Package Analyst flagged suspicious new releases across multiple npm scopes — revealing CanisterWorm, a self-propagating npm worm deployed by the TeamPCP threat actor. The worm is a direct continuation of the second Trivy compromise (v0.69.4): attackers embedded a credential harvester in Trivy's CI/CD toolchain, stole npm tokens from affected pipelines, then used those tokens to publish backdoored patch versions across every namespace they could reach — including the @opengov scope (16+ packages).
2 months ago

Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised
On March 19, 2026, trivy — a widely used open source vulnerability scanner maintained by Aqua Security — experienced a second security incident. Three weeks after the hackerbot-claw incident on February 28 that resulted in a repository takeover, a new compromised release (v0.69.4) was published to the trivy repository. The original incident disclosure discussion (#10265) was also deleted during this period, and version tags on the aquasecurity/setup-trivy GitHub Action were removed. Trivy maintainers deleted the v0.69.4 tag and Homebrew downgraded to v0.69.3. The following is a factual account of what we observed through public GitHub data.
2 months ago

bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys
On March 17, 2026, bittensor-wallet 4.0.2 was identified as a compromised PyPI package. The malicious release had been live on PyPI for approximately 48 hours before being yanked. This post is a ground-up technical breakdown based on a direct diff of the source tarballs for versions 4.0.1 and 4.0.2 — covering exactly what changed, how the backdoor works, and what defenders should do. We also ran the compromised package with StepSecurity Harden Runner and captured every C2 channel firing in real time.
2 months ago

Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised
On March 16, 2026, StepSecurity Threat Intel was the first to detect and report malicious releases in two popular React Native npm packages — react-native-international-phone-number and react-native-country-select. StepSecurity's AI Package Analyst flagged the compromised versions, and within minutes, StepSecurity filed security issues directly in both GitHub repositories — alerting the maintainer and the community before any other security vendor.
2 months ago

Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys
The StepSecurity threat intelligence team discovered that dev-protocol — a verified GitHub organization with 568 followers belonging to a legitimate Japanese DeFi project — has been hijacked and is now being used to distribute malicious Polymarket trading bots.
2 months ago

ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
The StepSecurity threat intelligence team was the first to discover and report on an ongoing campaign — which we are tracking as ForceMemo — in which an attacker is compromising hundreds of GitHub accounts and injecting identical malware into hundreds of Python repositories. The earliest injections date to March 8, 2026, and the campaign is still active with new repos continuing to be compromised.
2 months ago

xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning
The official Xygeni GitHub Action (xygeni-action) was compromised on March 3, 2026, when an attacker using stolen maintainer credentials injected a full C2 reverse shell backdoor and silently moved the mutable v5 tag to the malicious commit - affecting all repositories referencing @v5 without any visible change to their workflow files. The v5 tag remains poisoned as of March 9; users should immediately pin to v6.4.0 or a specific commit SHA, and StepSecurity's Harden-Runner would have detected and blocked the C2 callback to 91.214.78.178.
2 months ago

kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package
On March 5, 2026, a threat actor exploited a classic "Pwn Request" vulnerability in the CI workflow of kubernetes-el/kubernetes-el, a popular Emacs package for managing Kubernetes clusters. The attacker stole the repository's GITHUB_TOKEN (with full write permissions), exfiltrated CI/CD secrets, defaced the repository, and injected destructive code.
2 months ago

How StepSecurity Caught a Release Storm in Microsoft’s @types Packages
StepSecurity AI Package Analyst detected 70+ ghost releases across npm's most trusted TypeScript packages.
3 months ago

Harden Runner Now Supports Windows and macOS GitHub Actions Runners
Harden Runner now supports Windows and macOS GitHub Actions runners, delivering EDR-level runtime security across Linux, Windows, and macOS CI/CD pipelines
3 months ago

10,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making
From 5,000 to 10,000 in just one year: How Harden-Runner doubled its reach and became the standard for CI/CD runtime security
3 months ago

20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...)
Massive NPM supply chain attack targets cryptocurrency users through compromised maintainer account - affecting packages downloaded billions of times weekly including debug, chalk, ansi-styles, color-convert, strip-ansi and 15+ other critical JavaScript packages. Malicious code injected to steal cryptocurrency wallets and redirect blockchain transactions.
3 months ago

2024 in Review: The Evolution of CI/CD Security & What's Next
Discover the key developments in CI/CD security in 2024, including major incidents, real-world case studies, and emerging trends for 2025. Learn how StepSecurity is driving innovation to secure CI/CD pipelines with proactive solutions.
3 months ago

How to Use Docker in Actions Runner Controller (ARC) Runners Securely
Discover best practices for using Docker in Actions Runner Controller (ARC) runners securely. Learn how to implement network egress filtering and runtime security to protect your CI/CD pipelines effectively.
3 months ago

Celebrating 1000 Repositories Secured with Harden Runner: A Journey of Growth and Collaboration
StepSecurity Harden-Runner has secured 1,000+ repositories! Celebrate this milestone with us as we reflect on our journey of growth, collaboration, and commitment to enhancing CI/CD security.
3 months ago

StepSecurity Detects Early Supply Chain Risk Signals in kilocode npm
StepSecurity detected early supply chain risk signals in a legitimate kilocode npm release, showing how small behavior changes can quietly weaken trust before attacks happen
3 months ago

Another npm Supply Chain Attack: The 'is' Package Compromise
npm 'is' package versions 3.3.1 and 5.0.0 compromised - critical utility with millions of weekly downloads falls victim to expanding phishing campaign
3 months ago

anthropics/claude-code-action Security: How to Secure Claude Code in GitHub Actions with Harden-Runner
Unlike GitHub Copilot's built-in network firewall, anthropics/claude-code-action GitHub action operates in GitHub Actions without network restrictions by default. Complete guide to implementing Claude Code in GitHub Actions with runtime security monitoring using Harden-Runner.
3 months ago

Harden-Runner detection: tj-actions/changed-files action is compromised
tj-actions/changed-files
3 months ago

StepSecurity's Catalog of Fixes
Explore StepSecurity's Catalog of Fixes, a comprehensive resource to help developers automate security fixes in GitHub Actions workflows. Learn how to improve CI/CD security with actionable solutions.
3 months ago

Orchestrating Security: StepSecurity's Impact on 400+ Repositories and Future Plans
StepSecurity has secured over 400 repositories and is shaping the future of CI/CD security. Learn about our impact, key milestones, and upcoming plans to enhance GitHub Actions security.
3 months ago

Announcing Anomalous Outbound Call Detection Using Machine Learning
StepSecurity introduces anomalous outbound call detection using machine learning! Learn how this feature enhances CI/CD security by identifying and mitigating suspicious network activities in real-time.
3 months ago

Announcing GitHub Actions Advisor and StepSecurity Maintained Actions
Introducing GitHub Actions Advisor and StepSecurity-maintained Actions! Learn how these tools help developers enhance GitHub Actions security, manage third-party risks, and ensure workflow compliance effortlessly.
3 months ago

Analysis of Backdoored XZ Utils Build Process with Harden-Runner
Explore an in-depth analysis of the backdoored XZ Utils build process using StepSecurity Harden-Runner. Learn how real-time monitoring detected malicious activity and safeguarded CI/CD pipelines from supply chain attacks.
3 months ago

Announcing General Availability of Harden Runner
StepSecurity announces the general availability of Harden-Runner! Discover how this powerful tool enhances CI/CD security by monitoring network egress, detecting anomalies, and automating GitHub Actions protection.
3 months ago

Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner
StepSecurity Harden-Runner has secured 2,500+ public repositories! Learn how this milestone reflects the growing trust in CI/CD security solutions to protect GitHub Actions workflows and prevent supply chain attacks.
3 months ago

Build secretless CI/CD pipelines using wait-for-secrets
Learn how to build secure, secretless CI/CD pipelines using the "Wait for Secrets" approach by StepSecurity. Discover how to reduce secret exposure risks and enhance GitHub Actions security.
3 months ago

Introducing Apps & PATs: Centralized Visibility for GitHub Apps and Personal Access Tokens
Get visibility into GitHub Apps, fine-grained PATs, and classic PATs across all your organizations in one dashboard
4 months ago

CVE-2026-22709: Critical Sandbox Escape Vulnerability in vm2
CVE-2026-22709; vm2
4 months ago

StepSecurity Now Supports Dark Mode
StepSecurity now supports dark mode for a more comfortable security investigation experience. Reduce eye strain and stay focused during long CI/CD analysis sessions
4 months ago

2025 in Review: The Evolution of Supply Chain Security & What's Next
How StepSecurity achieved 5X ARR growth for the second year in a row while securing over 10,000 open-source repositories in 2025
4 months ago

Bake Harden-Runner Into GitHub's Custom Runner Images for Organization-Wide CI/CD Security
GitHub's new custom runner images let you embed Harden-Runner directly into your infrastructure, providing automatic runtime protection across all workflows without modifying a single workflow file
5 months ago

StepSecurity Is Now Available on Azure Marketplace
The StepSecurity App is now available on Azure Marketplace—simplifying procurement, deployment, and CI/CD security in one place.
5 months ago

Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js
CVE-2025-55182;CVE-2025-66478;reactjs;nextjs
5 months ago

How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository
A case study on detecting npm supply chain attacks through runtime monitoring and baseline anomaly detection
5 months ago

Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised
Sha1-Hulud: The Second Coming
5 months ago

Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise
We are currently investigating a potential supply chain security incident involving the eslint-config-prettier npm package. This widely-used package, which helps developers maintain consistent code formatting by turning off ESLint rules that conflict with Prettier, appears to have had multiple versions published with suspicious modifications.
5 months ago

9,000 Open-Source Projects Now Secured by Harden-Runner
StepSecurity Harden-Runner now protects 9,000+ open-source projects, delivering real-time CI/CD runtime security and defending pipelines against modern supply chain attacks.
6 months ago

Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
The Shai-Hulud worm has infected over 500 NPM packages including @ctrl/tinycolor in an unprecedented self-propagating supply chain attack. The malware harvests AWS/GCP/Azure credentials using TruffleHog, establishes persistence through GitHub Actions backdoors, and automatically spreads to other maintainer packages - marking the first successful worm attack in the NPM ecosystem.
6 months ago

Introducing npm Package Search: Find Where Any Package Was Introduced Across Your GitHub Organizations
Instantly trace any npm package to its origin—across every repository, pull request, and contributor—with StepSecurity’s NPM Package Search.
6 months ago

StepSecurity Is Sponsoring GitHub Universe 2025
We’re thrilled to announce that we are sponsoring GitHub Universe 2025 as a Bronze Sponsor — our very first booth at a major conference!
7 months ago

s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware
s1ngularity attack hijacked Nx package on npm to steal cryptocurrency wallets, GitHub/npm tokens, SSH keys, and environment secrets - the first documented case of malware weaponizing AI CLI tools for reconnaissance and data exfiltration.
8 months ago

Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM
Protect your software supply chain with StepSecurity Threat Intelligence. Get real-time alerts on compromised packages, seamless SIEM integration, and actionable intelligence to reduce MTTD and MTTR.
8 months ago

8,000 Strong: Harden-Runner's Growing Impact on CI/CD Security
StepSecurity’s Harden-Runner now protects 8,000+ repositories with EDR-style runtime monitoring for CI/CD pipelines, stopping supply chain attacks and securing GitHub Actions.
8 months ago

Securing Google Gemini in GitHub Actions with Harden-Runner
Learn how to secure Google Gemini in GitHub Actions with Harden-Runner, combining observability with runtime monitoring for CI/CD security
8 months ago

GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows
GitGuardian researchers discover massive supply chain attack affecting 817 repositories across 327 GitHub users. Malicious workflows exfiltrated 3,325 secrets including PyPI, npm, and DockerHub tokens through compromised developer accounts.
8 months ago

Introducing the NPM Package Cooldown Check
We’re excited to announce the release of our NPM Package Cooldown Check, which helps teams block newly released, potentially compromised dependencies, while still allowing emergency fixes and integrating seamlessly into GitHub workflows
8 months ago

Securing GitHub Copilot in GitHub Actions with Harden-Runner
Secure GitHub Copilot in CI/CD with StepSecurity Harden-Runner. Gain runtime visibility, block threats, and achieve true defense-in-depth.
8 months ago

Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator
The ROI Calculator provides instant visibility into your GitHub Actions security gaps and quantifies the value of addressing them.
8 months ago

How StepSecurity Harden Runner Detected Unexpected Microsoft Defender Installation on GitHub-hosted Ubuntu Runners
Microsoft Defender was unexpectedly installed on multiple workflow runs from mid-July through mid-August, causing abnormal network traffic. StepSecurity Harden Runner detected this infrastructure anomaly within hours, and GitHub Support has since resolved the issue
9 months ago

StepSecurity Harden Runner: Detect source code tampering during the build process
Learn how StepSecurity Harden-Runner detects source code tampering during the build process. Discover how real-time monitoring enhances CI/CD security by preventing unauthorized code modifications.
9 months ago

Suspicious Tag Movement in AWS’s GitHub Action: What Happened and Why It Matters
How an AWS release rollback triggered the same red flags as a supply chain attack — and why treating every tag movement as suspicious is key to protecting your CI/CD pipelines
9 months ago

When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach
We reveal how baseline-driven monitoring caught one of 2025's most consequential CI/CD supply chain attacks, exposing the vulnerability of 23,000+ repositories including those from GitHub, Meta, and Microsoft.
9 months ago

Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217)
How threat actors exploited AWS CodeBuild pipelines by stealing secrets from CI/CD memory—and the proactive defenses organizations can deploy to detect, respond to, and prevent such attacks.
9 months ago

Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise
Popular Python Package num2words v0.5.15 Published Without Repository Tag, Linked to Known Threat Actor
9 months ago

When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks
As organizations integrate AI coding agents into their development pipelines, new security considerations emerge. While these tools accelerate development, they require thoughtful security approaches to protect against novel attack vectors like Rules File Backdoor attacks and GITHUB_TOKEN compromise.
9 months ago

The GitHub Warning Everyone Ignores: 'This Commit Does Not Belong to Any Branch'
Several popular GitHub Actions have release processes where the release commit does not belong to any branch on the action repository.
9 months ago

8 GitHub Actions Secrets Management Best Practices to Follow
Discover GitHub Actions secrets management best practices to protect sensitive information in your CI/CD pipelines. Learn how to securely store, use, and manage secrets with actionable tips from StepSecurity.
9 months ago

reviewdog GitHub Actions are compromised
10 months ago

7,000 Open-Source Projects Now Secured by Harden-Runner
StepSecurity’s Harden-Runner now protects over 7,000 GitHub repositories with real-time CI/CD runtime monitoring, threat detection, and supply chain security enforcement—backed by features like impostor commit alerts, process-based detections, and GitLab support.
10 months ago

Replace Third-Party Actions with StepSecurity Maintained Actions via Automated Pull Requests
Policy Driven PRs now upgrade third-party Actions to StepSecurity Maintained versions across your entire organization
10 months ago

StepSecurity Is Now Available on AWS Marketplace
The StepSecurity App is now available on AWS Marketplace—simplifying procurement, deployment, and CI/CD security in one place
10 months ago

Introducing StepSecurity Artifact Monitor: Detect Unauthorized Software Releases in minutes, not months
StepSecurity Artifact Monitoring continuously watches your artifact registries to verify every release follows your approved CI/CD process. When attackers bypass your secure pipeline using compromised credentials, you'll know within minutes instead of months
10 months ago

Introducing Workflow Run Policies: Guardrails for Blocking Non-Compliant GitHub Actions Runs
Workflow Run Policies enable you to block non-compliant GitHub Actions workflow runs, helping security and platform teams stop risky workflows before they execute
10 months ago

Harden-Runner Detects New Traffic to release-assets.githubusercontent.com Across Multiple Customers
StepSecurity's Harden-Runner detected unexpected traffic to release-assets.githubusercontent.com across multiple GitHub Actions workflows, prompting a swift investigation. Learn how baseline monitoring caught this change, why it matters for CI/CD security, and how to stay protected.
10 months ago