惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
aimingoo的专栏
aimingoo的专栏
IT之家
IT之家
G
Google Developers Blog
爱范儿
爱范儿
博客园 - 司徒正美
Recent Announcements
Recent Announcements
The Register - Security
The Register - Security
J
Java Code Geeks
The Cloudflare Blog
M
MIT News - Artificial intelligence
Apple Machine Learning Research
Apple Machine Learning Research
Microsoft Security Blog
Microsoft Security Blog
博客园 - Franky
雷峰网
雷峰网
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
Vercel News
Vercel News
宝玉的分享
宝玉的分享
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
B
Blog
小众软件
小众软件
Microsoft Azure Blog
Microsoft Azure Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
WordPress大学
WordPress大学
T
Troy Hunt's Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
H
Hacker News: Front Page
H
Help Net Security
S
Security @ Cisco Blogs
V
V2EX
Security Archives - TechRepublic
Security Archives - TechRepublic
Stack Overflow Blog
Stack Overflow Blog
O
OpenAI News
L
LINUX DO - 最新话题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
S
Secure Thoughts
Help Net Security
Help Net Security
F
Full Disclosure
博客园 - 叶小钗
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Jina AI
Jina AI
K
Kaspersky official blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
Scott Helme
Scott Helme

Arctic Wolf

Home-Field Disadvantage: AiTM, QR-Code Phishing, and Infostealers at the 2026 FIFA World Cup arcticwolf.com arcticwolf.com Celebrating Arctic Wolf’s 2026 Partner of the Year Winners at Global Partner Kickoff Celebrating Arctic Wolf’s 2026 Partner of the Year Winners at Global Partner Kickoff Die Auswahl Einer Vulnerability Management-Lösung The Hidden Economics of the Agentic SOC The Hidden Economics of the Agentic SOC | Arctic Wolf Security Operations in Maschinen-Geschwindigkeit Aurora Mobile Threat Defense — Addressing Your Highest‑Trusted, Least Protected Endpoints - Arctic Wolf Aurora Mobile Threat Defense — Addressing Your Highest‑Trusted, Least Protected Endpoints - Arctic Wolf How Aurora Managed Endpoint Defense Combines Experts and Technology to Simplify Security Aurora Endpoint Sicherheitsportfolioa | Arctic Wolf From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services arcticwolf.com arcticwolf.com Arctic Wolf Product Updates: May 2026 arcticwolf.com Arctic Wolf Product Updates: May 2026 FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch - Arctic Wolf FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch What’s New What’s Next with Arctic Wolf: May 2026 Update Cybersecurity Trends in the Age of AI arcticwolf.com Arctic Wolf、AI搭載のモバイル脅威防御ソリューションを発表、 増加するモバイル端末を標的としたサイバー攻撃から組織を保護 How Arctic Wolf Aurora Mobile Threat Defense Protects the Mobile Attack Surface How AI Is Transforming Detection Engineering 「Aurora Mobile Threat Defense」の提供が開始されました Accelerating Cloud Security Outcomes Together: Why Arctic Wolf and Wiz are Redefining What’s Possible - Arctic Wolf InfoSecurity Europe 2026 OpenAI Daybreak and the Future of Secure Software Development - Arctic Wolf OpenAI Daybreak and the Future of Secure Software Development Turning Security Telemetry Into Actionable Insights | Arctic Wolf Detecting Identity Attacks at Scale with Herd Immunity Detecting Identity Attacks at Scale with Herd Immunity | Arctic Wolf arcticwolf.com arcticwolf.com PowerShell Security | Arctic Wolf How to Gain Visibility and Reduce Exposure with Aurora Attack Surface Management arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com Arctic Wolf Introduces the Next Era of Exposure Management to Help Organizations Outpace AI-Accelerated Vulnerability Discovery Arctic Wolf Launches AI-Powered Mobile Threat Defense to Protect Organizations Against Growing Mobile-based Cyber Threats Aurora Mobile Threat Defense is Now Available Turning Visibility Into Action: Introducing Aurora Exposure Management Protecting Against IOT Security Risks | Arctic Wolf CVE-2026-0300 — Critical Buffer Overflow in PAN-OS User-ID Authentication Portal IoT Security Risks | Arctic Wolf arcticwolf.com Should Your Organization Rely on XDR? | Arctic Wolf 止まらないランサムウェア被害 - Qilinの事案から読み解く、検知、対応と経営判断 arcticwolf.com Why Cybersecurity Still Matters Even If AI Improves Secure Development | Arctic Wolf Aurora® Attack Surface Management For Healthcare arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com CVE-2026-41940: Critical Exploited Authentication Bypass Vulnerability in cPanel & WHM Why Vulnerability Prioritization Requires More Than a Score | Arctic Wolf Token Bingo: Don’t Let Your Code be the Winner EFM Philadelphia IT Symposium MN Bankers Operations and Technology Conference SecureMiami 2025 Cyber Identity Summit – Ottawa MISA Exec Summit – Victoria Arkansas IT Symposium – efmEvents Cybersecurity Summit – Boston Houston Technology Summit – elevateIT Nevada Public Sector Cybersecurity Summit SecureWorld Philadelphia Nick Schneider of Arctic Wolf named Entrepreneur Of The Year® 2026 Heartland finalist by EY US arcticwolf.com arcticwolf.com Introducing Decipio: A Community Tool to Catch Credential Theft in the Act with Defense First AI Arctic Wolf Introduces Decipio, a Community Tool to Catch Credential Theft with Defense‑First AI Proxy Server Endpoint Endpoint Detection and Response AIマルウェアの急増:その挙動、攻撃主体の特定、防御体制の備え arcticwolf.com arcticwolf.com Project Glasswing Marks a Turning Point for Cybersecurity Frontier AI Models Mark a Turning Point for Cybersecurity arcticwolf.com arcticwolf.com Building Cyber Resilience with Arctic Wolf: A Practical Approach for Security Leaders Arctic Wolf、東映デジタルラボ株式会社を Aurora Managed Endpoint Defenseで保護 Arctic Wolf Named a 2026 Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response arcticwolf.com
Mini Shai-Hulud: Supply Chain Malware Attack
Arctic Wolf · 2026-05-13 · via Arctic Wolf

Arctic Wolf Security Bulletin

Arctic Wolf Security Bulletin

A coordinated supply chain attack has compromised dozens of npm and PyPi packages across major projects using GitHub Actions cache poisoning and token exfiltration techniques.

Arctic Wolf Security Bulletin

Threat Summary

A coordinated supply chain attack—tracked as the Mini Shai-Hulud campaign and attributed to the TeamPCP threat actor—has compromised dozens of npm and PyPi packages across major projects (including TanStack, UiPath, Mistral AI, guardrails-ai, and others) using GitHub Actions cache poisoning and token exfiltration techniques. Malicious versions, published May 11–12, 2026, include Trojanized JavaScript and Python code leveraging preinstall/import hooks, Bun runtime stages, and persistence daemons (e.g., gh-token-monitor) to steal CI/CD, cloud, and developer credentials. Attacker C2 infrastructure includes custom domains. Session messaging, and GitHub repo exfiltration, with redundant failovers ensures persistence and stealth.

The attack chain began with exploitation of mutable CI workflow triggers and GitHub cache keys, allowing the deployment of poisoned dependencies that would execute malicious hooks during install or import. Victims span global software, cloud, and enterprise DevOps pipelines, with notable impact to AI, cloud security, and infrastructure projects. Organizations are advised to treat any system that installed affected package versions as fully compromised. Credential exposure, downstream re-infection risk, and—even more seriously—destructive wiper payloads (triggered on certain geo-locations or credential revocation) are known aspects of this campaign.

Initial indicators emerged May 11, 2026, with rapid security research and vendor acknowledgment within 24-48 hours. However, dozens of malicious releases were live on npm and PyPi registries for over 12–36 hours before quarantine. Large-scale credential and secret leakage, including CI/CD, cloud API keys, SSH keys, and more, is probable for any environment exposed. Threat activity remains ongoing, with threat actors pursuing credential theft and extortion/ransom strategies in some cases.

Multiple supply chains are affected: npm, PyPi, GitHub Actions, Docker, and VS Code extensions. With both Linux and macOS daemons deploying persistence and destructive options, the threat is broad, sophisticated, and likely to propagate further if not remediated. No government CERT advisories are yet available; industry and vendor postmortems are the primary authoritative guidance at this time.

Recommendations

Immediate (First 24 Hours):

  • Audit and Remove Compromised Packages: Uninstall any of the affected package versions from all production, CI/CD, and developer systems. Scan all lockfiles, manifests, containers, and CI caches for traces of the compromised package versions listed.
  • Rotate All Credentials: Immediately rotate all access/secret keys, tokens, passwords, and OIDC credentials present on affected systems, including cloud provider (AWS, GCP, Azure), GitHub, npm, PyPi, and SSH credentials.
  • Hunt for Persistence Artifacts
    • If an infection is suspected, review your filesystem for the following artifacts:
      • Linux: ~/.config/systemd/user/gh-token-monitor.service 
      • macOS: ~/Library/LaunchAgents/com.user.gh-token-monitor.plist 
      • Look for files like router_init.js, setup.mjs, .pth Python files (LiteLLM/Telnyx), .claude/settings.json, and .vscode/tasks.json.

Short-term (Next 48 Hours):

  • Patch and Update: For all affected vendors:
    • TanStack: Roll back to pre-May 11, 2026, package versions; follow TanStack’s postmortem guidance.
    • Mistral AI: Upgrade to versions after2.4 (npm) and 2.4.6 (PyPi).
    • guardrails-ai: Upgrade to at least5.10; remove 0.10.1 if present.
    • UiPath: Monitor for official patches; in the meantime, avoid @uipath/* npm packages from the compromised window.
  • Rebuild and Revalidate:
    • Fully redeploy from trusted sources (e.g., source code, not artifact caches or images from compromised builds).
    • Clean or invalidate any CI artifact or dependency caches (npm, pip, Docker, etc.).
  • Credential Hygiene:
    • Audit for unauthorized GitHub repository creation with descriptions such as “A Mini Shai‑Hulud has Appeared.”
    • Enforce organization-wide credential rotation and enforce MFA everywhere secrets were at risk.

Long-term / Strategic:

  • Harden CI/CD Systems:
    • Consider setting a minimum release age. JavaScript package management tools such as npm, pnpm, Yarn, and Bun have recently added a minimumReleaseAge  configuration option, which set a minimum age for newly published packages. Setting this value to a day or longer makes it less likely that malicious packages will be installed.
    • Avoid using pull_request_target except where absolutely necessary; never allow untrusted PR code to manipulate shared caches.
    • Pin all GitHub Actions and workflow steps to immutable commit SHAs (never to tags or branches).
    • Segregate cache keys for trusted (merge/release) vs. untrusted (PR) workflows.
  • Supply Chain Controls:
    • Implement dependency pinning and regular SCA (software composition analysis) with alerting on new, untrusted package versions.
    • Lock down workflow file access using CODEOWNERS and security policy review.
    • Use OIDC-based dynamic credentials for builds; never persist credentials on runners.
  • User & EDR Training:
    • Instruct developers to inspect for .pth files or suspicious startup artifacts.
    • Deploy EDR/AV rules for artifacts (hashes, filenames, domains) listed under IOCs and monitor for anomalous install-time behavior.
  • Incident Response Readiness:
    • Document recovery procedures, including environment wipes and secure re-provisioning, as malware poses destructive threats on token revocation or geo-trigger.

Temporary Workarounds

General/CI-Level Workarounds Until All Environments Are Patched:

  • Disable Shared Caching in CI: Temporarily set package-manager-cache: false in actions/setup-node for npm and disable pip caching where possible; isolate or clear caches on every run.
  • Pin Dependency Versions: Lock dependencies to trusted/verified versions in package-lock.json, txt, etc.
  • Monitor for Preinstall Import Hooks: Block all new packages that introduce preinstall or postinstall scripts; review changes in dependency trees carefully.
  • Offline/Manual Reviews: For critical builds, perform offline verification of ALL dependencies, and avoid auto-updating or unverified third-party packages.
  • Persistence Clean-Up: Remove any persistence artifacts (e.g., gh-token-monitor services, .pth files) detected during audits.

Known Limitations:

  • Disabling cache may slow down CI/CD pipelines.
  • Pinning versions does not protect from already-compromised environments; full credential rotation is required.
  • New persistence mechanisms may evade simple deletion; some artifacts may exist outside standard dependency paths.

Affected Packages:

The affected packages are listed here:

References

Share this post:

What to read next