Dev Machine Guard Now Supports Linux - StepSecurity
2026-05-20 · via Step Security Blog

With this release, Dev Machine Guard runs natively on Linux. Combined with the macOS and Windows builds already in the field, the same scanning engine now covers every developer machine in your fleet.

If you already use Dev Machine Guard on macOS or Windows, there is nothing new to learn. Install the .deb or .rpm, point it at your tenant, and your Linux developers start appearing in the dashboard alongside everyone else.

Why Linux Coverage Matters

Linux is the operating system of choice for the developers most likely to hold the keys to production:

  • Backend engineers, SREs, and platform teams running staging environments locally
  • AI and machine-learning developers who need GPU access and CUDA toolchains
  • Open-source maintainers shipping packages used by millions of downstream projects
  • Security researchers and DevOps teams working in production-mirrored environments

These are exactly the developer machines an attacker most wants to compromise. They hold publishing tokens for npm and PyPI, SSH keys into production, GitHub credentials with elevated scopes, and direct access to CI/CD systems. Yet for many organizations, Linux developer machines have been the least-monitored corner of the fleet, falling between a traditional MDM that does not understand developer workflows and an EDR that does not understand supply chain risk.

Until this release, security teams running mixed fleets had a real visibility gap. macOS and Windows developer machines were inventoried by Dev Machine Guard, while Linux machines were either covered by partial scripts or not covered at all. That gap is exactly what attackers target during a supply chain incident, when the question "which of our developers actually have this compromised package or extension installed?" needs an answer in minutes, not days.

Real Incidents That Drove This Work

Dev Machine Guard exists because supply chain attacks against developer machines are no longer hypothetical. In the last twelve months alone, our research team has tracked:

  • The Shai-Hulud npm worm campaign, which compromised 500+ packages and earned a CISA advisory, propagating through CI/CD pipelines and developer environments alike
  • The s1ngularity Nx compromise, which weaponized AI CLI tools on developer machines (most of them Linux and macOS) to exfiltrate credentials
  • The Mini Shai-Hulud wave hitting TanStack and other widely used npm packages, including OIDC token theft from GitHub Actions runners

In each incident, the hardest follow-up question was the same:

Which developer machines in our organization have the affected package, extension, or agent installed right now?

On macOS and Windows, Dev Machine Guard already answered that in one query. With Linux support, security teams can now answer it across the entire fleet from the same dashboard.

What Is Included in This Release

Platform

  • Linux on AMD64 (x86_64), shipped as both .deb and .rpm packages
  • Tested on Debian- and RPM-based distributions
  • All release artifacts signed with Sigstore, with build provenance attestations

Coverage

  • AI coding agents installed on the machine, including Claude, Cursor, GitHub Copilot, and Codex
  • AI CLI tools running on the machine
  • IDE extensions from both the VS Code Marketplace and the OpenVSX registry, across VS Code, Cursor, Windsurf, and JetBrains products
  • JetBrains IDEs (IntelliJ IDEA, PyCharm, GoLand, WebStorm, RubyMine, CLion, Rider, PhpStorm, DataGrip, RustRover, Aqua, DataSpell, AppCode)
  • MCP server configurations across supported agents
  • npm packages, both globally installed and per-project
  • Linux system packages, including rpm, dpkg, pacman, apk, snap, flatpak
  • Local frameworks, processes, and shell tooling
  • Device inventory: hostname, distro and kernel version, BIOS serial number

How Linux detections work

Dev Machine Guard uses native Linux mechanisms instead of trying to emulate macOS conventions:

  • Application discovery uses /opt/, /usr/share/*.desktop entries, and $PATH lookups
  • Device identity is derived from the BIOS serial number, since Linux does not expose a macOS-style hardware serial
  • Scheduled scanning uses a systemd user timer, installed under the developer's own user account. No root daemon, no system-wide service, no manual unit-file editing
  • Package detection uses each manager's native query: rpm -qa for RPM, snap list for Snap, flatpak list for Flatpak
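
The application-discovery approach in the first bullet, as an added Python example (not code from Dev Machine Guard): it parses `.desktop` launchers, lists the subdirectories of an `/opt`-style directory, and resolves tool names on `$PATH`. The function names, the sample tree, and pointing `desktop_dir` at a directory such as `/usr/share/applications` are assumptions of this example.

```python
import shlex
import shutil
import tempfile
from pathlib import Path


def parse_desktop_entry(path):
    """Return (Name, executable) for a launchable [Desktop Entry], else None."""
    fields, in_group = {}, False
    for line in map(str.strip, Path(path).read_text(errors="replace").splitlines()):
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"  # ignore [Desktop Action ...] groups
        elif in_group and "=" in line and not line.startswith("#"):
            fields.setdefault(*map(str.strip, line.split("=", 1)))
    exec_line = fields.get("Exec", "") if fields.get("Type") == "Application" else ""
    try:
        argv = shlex.split(exec_line)  # field codes (%F, %U) land in argv[1:]
    except ValueError:
        return None  # unbalanced quoting: report nothing rather than guess
    if argv[:1] == ["env"]:  # launcher wrapped as "env VAR=value program ..."
        argv = [a for a in argv[1:] if "=" not in a]
    return (fields.get("Name", Path(path).stem), argv[0]) if argv else None


def discover(desktop_dir, opt_dir, path_env, tools):
    """Hypothetical helper: inventory .desktop entries, opt_dir subdirectories, PATH hits."""
    found = {}
    for entry in sorted(Path(desktop_dir).glob("*.desktop")):
        if parsed := parse_desktop_entry(entry):
            name, exe = parsed  # path is None when the launcher's binary is missing
            found[name] = {"source": "desktop", "path": shutil.which(exe, path=path_env)}
    for sub in sorted(p for p in Path(opt_dir).iterdir() if p.is_dir()):
        found.setdefault(sub.name, {"source": "opt", "path": str(sub)})
    for tool in tools:
        if hit := shutil.which(tool, path=path_env):
            found.setdefault(tool, {"source": "path", "path": hit})
    return found


def build_sample_tree(root):  # constructed sample input, not real system data
    apps, opt, bindir = root / "applications", root / "opt", root / "bin"
    for d in (apps, opt / "sample-ide", bindir):
        d.mkdir(parents=True)
    (apps / "editor.desktop").write_text(
        "[Desktop Entry]\nType=Application\nName=Sample Editor\n"
        "Exec=env FOO=1 sample-editor %F\n[Desktop Action new]\nExec=other-bin\n")
    for tool in ("sample-editor", "sample-agent"):
        (bindir / tool).touch(mode=0o755)
    return apps, opt, str(bindir)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(discover(*build_sample_tree(Path(tmp)), ["sample-agent", "absent-tool"]))
```

A launcher whose `path` comes back as `None` points at a binary that is no longer installed, which is worth recording separately from a clean miss.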

Modes

  • Community mode runs fully locally, with nothing leaving the machine
  • Enterprise mode reports scan results to the StepSecurity backend for centralized visibility, policy enforcement, and historical reporting. The tier model is identical to macOS and Windows.

How To Get Started

For full rollout guidance, see the Installation Script documentation.

Community Tier

For individual developers and open-source maintainers, the open-source binary is free and runs entirely locally. It produces a JSON or HTML report of everything installed on the machine, with no data sent anywhere.

The GitHub repository, including all detection logic, is available at github.com/step-security/dev-machine-guard.

Enterprise Tier

For organizations rolling out across a Linux developer fleet, the Enterprise Tier adds:

  • Centralized dashboard with per-device drill-down
  • Policy enforcement for IDE extensions, MCP servers, AI agents, and packages
  • Cooldown periods on newly published npm and PyPI packages
  • Alerting on compromised dependencies, malicious extensions, and unapproved MCP servers
  • Historical reporting and incident triage across the entire fleet


One Engine, Every Developer Machine

Dev Machine Guard is built around a single open-source scanning engine. The same binary now runs on macOS, Windows, and Linux. The same detections are added once and benefit every platform. The same policies apply across your fleet from one dashboard.

If you have been waiting for Linux coverage before rolling Dev Machine Guard out to your full developer organization, this is the release that closes the gap. Try it on your Linux machines, and let us know what you find.

If you run into any issues or have detection suggestions, please open an issue at github.com/step-security/dev-machine-guard/issues.

Welcome to Linux.