惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
N
Netflix TechBlog - Medium
宝玉的分享
宝玉的分享
V
Visual Studio Blog
S
Securelist
P
Palo Alto Networks Blog
A
Arctic Wolf
T
Tor Project blog
P
Proofpoint News Feed
I
InfoQ
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
G
GRAHAM CLULEY
M
MIT News - Artificial intelligence
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Security Blog
Microsoft Security Blog
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Apple Machine Learning Research
Apple Machine Learning Research
S
Secure Thoughts
Cyberwarzone
Cyberwarzone
Blog — PlanetScale
Blog — PlanetScale
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 【当耐特】
大猫的无限游戏
大猫的无限游戏
腾讯CDC
Latest news
Latest news
Project Zero
Project Zero
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
S
SegmentFault 最新的问题
Schneier on Security
Schneier on Security
C
CERT Recently Published Vulnerability Notes
W
WeLiveSecurity
罗磊的独立博客
Stack Overflow Blog
Stack Overflow Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 热门话题
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
C
Cisco Blogs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
爱范儿
爱范儿
T
The Exploit Database - CXSecurity.com
The Last Watchdog
The Last Watchdog
人人都是产品经理
人人都是产品经理
GbyAI
GbyAI
Know Your Adversary
Know Your Adversary
U
Unit 42

Wiz Blog | RSS feed

Meet Wiz for M365: Bringing SaaS into the Security Graph Bringing Security Visibility to Vercel with Wiz Axios NPM Distribution Compromised in Supply Chain Attack Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild The Wiz Blue Agent, now Generally Available Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security Introducing the Green Agent: AI-Powered Remediation for the Cloud Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack Introducing the Wiz Red Agent- AI-Powered Attacker Introducing Wiz AI Application Protection Platform (AI-APP) Introducing Wiz Agents & Workflows: Security at the Speed of AI AI Runtime Threat Detection: From Input to Real-World Impact Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack It’s Official: Wiz Joins Google Understanding and Reducing AI Risk in Modern Applications Introducing Wiz Tenant Manager: Multi-Tenant Management for Federated Organizations The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response Wiz Achieves CPSTIC Certification in Spain Seeing AI Clearly: Building Visibility Across Modern AI Applications The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design Wiz Leads the 2026 Latio Application Security Report with awards in 4 categories Building an Agentic Cloud Security Ecosystem: A Reference Architecture with Wiz MCP and Infosys Cyber Next The Agile FedRAMP Playbook, Part 2: Proactive Risk Management with Continuous Monitoring Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs Wiz Named a Leader in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 From Detection to Remediation: It’s Time to Rethink AppSec Around Exploitability and Root Cause Fixes The Agile FedRAMP Playbook, Part 1: Why Risk is Your Best Starting Point Introducing AI Cyber Model Arena: A Real-World Benchmark for AI Agents in Cybersecurity Wiz + Spotify Backstage: Security at the Developer’s Desk Building AI Security Together: New Ways to Partner with Wiz for AI Security in 2026 Hacking Moltbook: The AI Social Network Any Human Can Control The Year in Wiz Research: 2025 Most Read Blogs WizExtend is Here: AI and Cloud Security Insights in Your Daily Workflow From Detection to Remediation: Wiz in Your JetBrains IDE Agentic Browser Security: 2025 Year-End Review CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild A 90-Day Action Plan to Turn Resolutions into Results with Wiz Introducing the Wiz Partner Alliance: A New Chapter for Partner Success Preparing for Post-Quantum Cryptography Wiz Recognized as a 2025 Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for CNAPP Expanding the Zero Critical Club to set a new standard for AppSec and SecOps teams Snipping the Long Tail of Shai-Hulud 2.0 Protecting Against Zero-Day Vulnerabilities with SOC-Level ASM Alert MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know The Kenna Transition: Your Strategic Shift to Exposure Management From MCP to Vibe Coding: Full Endpoint Visibility in Wiz AI Security Bringing Oracle Cloud Identity to Wiz Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra Gogs 0-Day Exploited in the Wild Code to Cloud Attacks: From Github PAT to Cloud Control Plane Top AWS re:Invent Announcements for Security Teams in 2025 React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182 React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability Wiz Product Announcements at re:Invent 2025: Expanding Visibility from Code to Cloud Introducing Wiz SAST: Where Code Risk Meets Cloud Context Wiz Becomes Fastest Security ISV to Reach $1 Billion in AWS Marketplace Lifetime Sales It's Here! Wiz Exposure Management is Now GA Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact Service Catalog is Here: Expand Risk Visibility for Your Service and Its Dependencies, Simplify Issue Ownership WizOS: Powering Secured Image Adoption with AI 3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs Mastering Software Governance with Hosted Technologies Inventory Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets Get Certified on Wiz Defend for Threat Detection and Response Blueprint for Security: A Guide to Code, Governance, and Response Frameworks Google Unified Security Recommended Program Names Wiz Among First 3 Strategic Partners Introducing Posture Issues: Transform Security Findings into Actionable Outcomes Empower and Accelerate Your SOC with the Blue Agent Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks Wizdom 2025 Product Announcements: Extending the Cloud Operating Model When AI Becomes the Heart of Security: Powering a Future You Can Trust AI-Powered Wiz: From Agents to Everyday Intelligence Defend Agentless Workload Detection: Bringing Visibility to Blind Spots in Threat Detection Securing AI Agents with Wiz AI-SPM Introducing Wiz ASM: Context-Driven Attack Surface Management Securing Critical Infrastructure in the Cloud Era: A Policy and Technology Blueprint How CISOs Should Plan Security Budgets for 2026 Beyond the Checkbox: How Wiz Transforms SOC 2 into a Security Powerhouse Bringing Visibility to Kubernetes: Unified Inventory and Network Insight The Foundation Modern AppSec Is Still Missing: Code to Cloud, Rebuilt the Right Way Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score Defending against database ransomware attacks AI Security 101: Mapping the AI Attack Surface Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition Unifying Cloud Risk and Network Defense: Wiz and Check Point The emerging use of malware invoking AI Wiz achieves FedRAMP High authorization Wiz + HCP Terraform: Close the IaC-to-Cloud Infrastructure Security Gap IMDS Abused: Hunting Rare Behaviors to Uncover Exploits Beyond CVEs: The Exploitation of Everyday Misconfigurations Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them Introducing Wiz Incident Response: Your Expert Partner for Cloud Security Incidents Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware DORA Compliance in the Cloud Era: Insights from Deloitte and Wiz How Wiz Customers like Brex and FICO See AI Changing Security Wiz Recognized as a Leader in the 2025 IDC MarketScape for ASPM
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware
Benjamin Read, Merav Bar, Shay Berkovich, Gili Tikochinski · 2026-04-29 · via Wiz Blog | RSS feed

Update 1520 UTC, 30 April 2026: Two additional packages were trojanized today:

NPM Package: intercom-client@7.0.5

PyPI package lightning@2.6.2 and 2.6.3

Both packages appear to contain the same malicious functionality previously seen in the SAP operation. Analysis is ongoing.

Update 2140 UTC, 29 April 2026: Lightning and intercom-client payload analysis

Analysis of the malicious payloads shows an evolution in both exfiltration and credential harvesting techniques. In addition to earlier GitHub-based exfiltration, the malware now leverages dedicated infrastructure, primarily the domain zero.masscan.cloud, while also implementing a dynamic fallback mechanism.

The fallback retrieves configuration data from GitHub by searching for commits containing a specific keyword (“beautifulcastle”), which embeds a base64-encoded payload pointing to an exfiltration endpoint (currently resolving to 94.154.172[.]43/v1/telemetry. This approach allows attackers to update exfiltration infrastructure without publishing new malicious package versions.

The payload found in the intercom-client package further expands capabilities by actively scanning for secrets in Kubernetes environments and HashiCorp Vault. It queries Kubernetes service endpoints and Vault configurations, using extensive regex-based matching to extract credentials such as AWS keys, GitHub and npm tokens, database connection strings, private keys, and API secrets (e.g., Stripe, Slack, Twilio). This indicates a strong focus on cloud-native environments and CI/CD pipelines, significantly increasing the potential impact of the compromise through automated large-scale credential harvesting.

Update 1745 UTC, 29 April 2026: TeamPCP attribution confirmed and new functionality documented.

A new supply chain operation from TeamPCP calling itself “Mini Shai Hulud” compromised SAP-related npm packages by injecting malicious preinstall scripts that execute during dependency installation. The campaign leverages a multi-stage payload to harvest developer and CI/CD secrets across GitHub, npm, and major cloud providers, and exfiltrates the data via attacker-controlled GitHub repositories. It also contains code designed to propagate via compromised tokens. TeamPCP is very likely responsible for this campaign, based on a shared RSA public key and overlaps in encoding routines and region guardrails.

What happened?

Malicious versions of legitimate SAP ecosystem packages (e.g., `@cap-js/sqlite`, `@cap-js/postgres`) were created by modifying them to include a `preinstall` script that executes `setup.mjs` automatically during `npm install`. This script downloads the Bun runtime and executes an obfuscated payload (`execution.js`), enabling attacker-controlled code execution prior to package installation completion. 

When executed, the second-stage payload is a credential stealer and propagation framework designed to target both developer environments and CI/CD pipelines. It collects sensitive data including GitHub tokens, npm credentials, cloud secrets (AWS, Azure, GCP), Kubernetes tokens, and GitHub Actions secrets—leveraging advanced techniques such as extracting secrets from runner memory. Exfiltration occurs via public GitHub repositories, where it posts encrypted payloads. Additionally, the malware includes propagation logic to infect additional repositories and package distributions.

During its initial setup, the malware performs a system check to determine if the compromised machine is configured for the Russian language. It does this by inspecting both the system's date/time locale settings and its environment language variables. If any of these values begin with 'ru', the payload abruptly terminates itself, ensuring no data is exfiltrated from Russian-speaking systems.

Compromised users by hours, UTC timezone

While we estimate this campaign is currently active, the volume of compromised users and attacker-created exfiltration repositories appears significantly lower than that of Shai-Hulud or Shai-Hulud 2.0.

Compromised repositories by hours, UTC timezone

Notable Updates

This operation broadly follows the same methods used in previous TeamPCP operations, but contains a number of notable evolutions.

Github Exfiltration

In the Bitwarden operation, the malware would attempt to exfiltrate the encrypted blob of secrets to GitHub only if the primary exfiltration mechanism to a C&C domain failed. In this operation, exfiltration to GitHub is the primary and only way to exfiltrate secrets. The mechanisms are substantially similar, using the same naming scheme (word1-word2-number) and the same repo description “"Checkmarx Configuration Storage" The biggest change is that the SAP operation uses the GraphQL API, rather than the REST API, which was used in the Bitwarden operation.

Fallback to GitHub Poisoning

If the credential collection is not able to identify a gh[op]_ (PAT/OAuth) token and GITHUB_REPOSITORY is set it will attempt to poison that GitHub repository. It does this only if ghs_ or ghs_old tokens are present (and no GitHub PAT tokens are). The below files are placed in the repo, in an attempt to infect users who open the repo in Claude Code or VSCode:

PathContentPurposeHashes
.claude/execution.jsSelf-copy of the running payload via Bun.mainPayload for Claude Code usersIdentical to the initial execution.js
.claude/setup.mjsThe dropper Dropper that downloads Bun and executes the payloadIdentical to the initial setup.mjs
.claude/settings.jsonClaude Code hooks configuration Claude Code SessionStart hook — runs node .vscode/setup.mjs on every session

SHA256: 14eb4ce01dd4307759887ff819359b70d7d9ff709ecde039a5abc1aac325b128  SHA1: ff7ed7a0fa1c43eed01809d076feedbaed464fc7   MD5: 00ca0c04d247ef09f2b2acc452029345

.vscode/tasks.jsonVS Code task configurationVS Code task "Environment Setup" — runs node .claude/setup.mjs on folder open (runOn: folderOpen)

SHA256: 927387d0cfac1118df4b383decc2ea6ba49c9d2f98b47098bcbcba1efc026e1f  SHA1: 7b0278216ac31ec18eca9eb8bc1c1261a1b26f6c  MD5: dbb9b09957113463bbeb420c2c4108b5

.vscode/setup.mjsSame dropper as .claude/setup.mjs Dropper for VS Code execution pathIdentical to the initial setup.mjs

Browser Credential Theft

The SAP operation adds the ability to steal credentials from multiple browsers (Chrome, Safari, Edge, Brave, Chromium) and exfiltrate any passwords found there. This feature was not present in any of the previous operations.

Exfiltration Fallback Mechanism

Consistent with previous Shai-Hulud attacks, this new variant utilizes a fallback mechanism to exfiltrate secrets from environments lacking local GitHub (GH) tokens or credentials. If local credential harvesting fails, the malware actively searches GitHub for commits beginning with a specific signature phrase: "OhNoWhatsGoingOnWithGitHub".

This phrase is the default commit message the malware uses when exfiltrating data. Appended to this phrase is a double-base64 encoded GitHub token:

Once located, the malware extracts and validates this token to facilitate further data exfiltration. Consequently, even if your organization has not created any new repositories, your secrets may still be compromised and routed to an entirely unrelated, attacker-controlled repository.

Attribution

Wiz assesses with high confidence that this is the work of the same TeamPCP operators that have previously compromised multiple libraries. This assessment is due to a shared RSA public key used to encrypt the exfiltrated secrets. This means that the same private key would decrypt the payloads, limiting the accessibility of the exfiltrated data to TeamPCP. 

Additional commonalities:

  • The malware has an early check for the system language and if it is found to be “ru” the malware exits and does not exfiltrate any secrets. This was previously present in the Checkmarx and Bitwarden compromises.

  • The package uses the same npm install hook to start execution that was used in the Bitwarden CLI compromise.

  • GitHub based exfiltration to Dune themed repos was the fallback C2 method for the Bitwarden CLI operation, but is now the primary option.

While this operation contains references to the Shai-Hulud operations from the fall of 2025, we cannot definitively link them or say they are a separate actor.

Affected Packages 

npm packages:

  • @cap-js/sqlite – v2.2.2

  • @cap-js/postgres – v2.2.2

  • @cap-js/db-service – v2.10.1

  • mbt – v1.2.48

Indicators of compromise

@cap-js/postgres 2.2.2

FileHash
Tarball (3,409,213 bytes)SHA256: 1d9e4ece8e13c8eaf94cb858470d1bd8f81bb58f62583552303774fa1579edee
Tarball (3,409,213 bytes)SHA1: e80824a19f48d778a746571bb15279b5679fd61c
Tarball (3,409,213 bytes)MD5: e32eaf0c3cde9616831a1e92d42b0058
execution.js (11,723,748 bytes)SHA256: eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb
execution.js (11,723,748 bytes)SHA1: ca4a5bb85778ffcd2153ace88fe2d882c8ceeb23
execution.js (11,723,748 bytes)MD5: b523a69b27064d1715d1f0aaffcfae63

@cap-js/db-service 2.10.1

FileHash
Tarball (3,490,641 bytes)SHA256: 258257560fe2f1c2cc3924eae40718c829085b52ae3436b4e46d2565f6996271
Tarball (3,490,641 bytes)SHA1: 4b04304f6d51392e3f43856c94ca95800518a694
Tarball (3,490,641 bytes)MD5: d468f16eafccbc54a994f3d675ace8ae
execution.jsIdentical to @cap-js/postgres 2.2.2

@cap-js/sqlite 2.2.2

FileHash
Tarball (3,395,651 bytes)SHA256: a1da198bb4e883d077a0e13351bf2c3acdea10497152292e873d79d4f7420211
Tarball (3,395,651 bytes)SHA1: 7b6a28e92149637e5d7c7f4a2d3e54acd507c929
Tarball (3,395,651 bytes)MD5: 8cd683f78735c9bfc32600c73d3d9abe
execution.js (11,729,871 bytes)SHA256: 6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95
execution.js (11,729,871 bytes)SHA1: bc95cc5dda788295aa0c9456791520599ef99526
execution.js (11,729,871 bytes)MD5: 6fb87d243b011b5445f379f80e1a6b4d

mbt 1.2.48

FileHash
Tarball (3,373,788 bytes)SHA256: 86282ebcd3bebf50f087f2c6b00c62caa667cdcb53558033d85acd39e3d88b41
Tarball (3,373,788 bytes)SHA1: 0af7415d65753f6aede8c9c0f39be478666b9c12
Tarball (3,373,788 bytes)MD5: 04d8a99447b16f6839fff3b978f88d7e
execution.js (11,678,349 bytes)SHA256: 80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac
execution.js (11,678,349 bytes)SHA1: 6bc859aaee1f8885eec2a3016226e877e5adba08
execution.js (11,678,349 bytes)MD5: 45dc9c02f82b4370ca92785282d43a86

Shared Dropper (all 4 packages)

FileHash
setup.mjs (4,549 bytes)SHA256: 4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34
setup.mjs (4,549 bytes)SHA1: 307d0fa7407d40e67d14e9d5a4c61ac5b4f20431
setup.mjs (4,549 bytes)MD5: 35baf8316645372eea40b91d48acb067

What steps should security teams take?

  • Immediately identify exposure: Search environments, lockfiles, artifact stores, and CI logs for affected package versions and malicious files (setup.mjs, execution.js).

  • Rotate all credentials: If exposure is suspected, rotate GitHub tokens, npm tokens, cloud credentials, Kubernetes tokens, and CI/CD secrets, this malware targets all of them.

  • Audit GitHub activity: Look for suspicious commits, newly created repositories, or indicators such as the propagation keyword and unusual commit authors.

References