惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Recent Commits to openclaw:main
Recent Commits to openclaw:main
H
Heimdal Security Blog
SecWiki News
SecWiki News
H
Hacker News: Front Page
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
AI
AI
C
Cybersecurity and Infrastructure Security Agency CISA
Scott Helme
Scott Helme
PCI Perspectives
PCI Perspectives
S
Securelist
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cyberwarzone
Cyberwarzone
A
Arctic Wolf
Forbes - Security
Forbes - Security
T
Tor Project blog
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
I
Intezer
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
博客园 - 司徒正美
W
WeLiveSecurity
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
V2EX
P
Palo Alto Networks Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
T
Threatpost
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research

Step Security Blog

Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity - StepSecurity Introducing StepSecurity Dev Machine Guard: Protecting Developer Machines from Supply Chain Attacks - StepSecurity Top 2024 Predictions for CI/CD Security - StepSecurity Dev Machine Guard Is Now Open Source: See What's Really Running on Your Developer Machine - StepSecurity Datadog's DevSecOps 2026 Report Validates What We've Been Building - StepSecurity hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity Cline Supply Chain Attack Detected: cline@2.3.0 Silently Installs OpenClaw - StepSecurity StepSecurity’s Unified Protection Across the SDLC Infrastructure Threat Framework (SITF) - StepSecurity @velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence - StepSecurity axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack - StepSecurity 10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions - StepSecurity Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor - StepSecurity TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package - StepSecurity litellm: Credential Stealer Hidden in PyPI Wheel - StepSecurity Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags - StepSecurity CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem - StepSecurity Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised - StepSecurity bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys - StepSecurity Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised - StepSecurity Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys - StepSecurity ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push - StepSecurity xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning - StepSecurity kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package - StepSecurity How StepSecurity Caught a Release Storm in Microsoft’s @types Packages - StepSecurity Harden Runner Now Supports Windows and macOS GitHub Actions Runners - StepSecurity 10,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making - StepSecurity 20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...) - StepSecurity 2024 in Review: The Evolution of CI/CD Security & What's Next - StepSecurity How to Use Docker in Actions Runner Controller (ARC) Runners Securely - StepSecurity Celebrating 1000 Repositories Secured with Harden Runner: A Journey of Growth and Collaboration - StepSecurity StepSecurity Detects Early Supply Chain Risk Signals in kilocode npm - StepSecurity Another npm Supply Chain Attack: The 'is' Package Compromise - StepSecurity anthropics/claude-code-action Security: How to Secure Claude Code in GitHub Actions with Harden-Runner - StepSecurity Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity StepSecurity's Catalog of Fixes - StepSecurity Orchestrating Security: StepSecurity's Impact on 400+ Repositories and Future Plans - StepSecurity Announcing Anomalous Outbound Call Detection Using Machine Learning - StepSecurity Announcing GitHub Actions Advisor and StepSecurity Maintained Actions - StepSecurity Analysis of Backdoored XZ Utils Build Process with Harden-Runner - StepSecurity Announcing General Availability of Harden Runner - StepSecurity Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner - StepSecurity Build secretless CI/CD pipelines using wait-for-secrets - StepSecurity Introducing Apps & PATs: Centralized Visibility for GitHub Apps and Personal Access Tokens - StepSecurity CVE-2026-22709: Critical Sandbox Escape Vulnerability in vm2 - StepSecurity StepSecurity Now Supports Dark Mode - StepSecurity 2025 in Review: The Evolution of Supply Chain Security & What's Next - StepSecurity Bake Harden-Runner Into GitHub's Custom Runner Images for Organization-Wide CI/CD Security - StepSecurity StepSecurity Is Now Available on Azure Marketplace - StepSecurity Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js - StepSecurity How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository - StepSecurity Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised - StepSecurity Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise - StepSecurity 9,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages - StepSecurity Introducing npm Package Search: Find Where Any Package Was Introduced Across Your GitHub Organizations - StepSecurity StepSecurity Is Sponsoring GitHub Universe 2025 - StepSecurity s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware - StepSecurity Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM - StepSecurity 8,000 Strong: Harden-Runner's Growing Impact on CI/CD Security - StepSecurity Securing Google Gemini in GitHub Actions with Harden-Runner - StepSecurity GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows - StepSecurity Introducing the NPM Package Cooldown Check - StepSecurity Securing GitHub Copilot in GitHub Actions with Harden-Runner - StepSecurity Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator - StepSecurity How StepSecurity Harden Runner Detected Unexpected Microsoft Defender Installation on GitHub-hosted Ubuntu Runners - StepSecurity StepSecurity Harden Runner: Detect source code tampering during the build process - StepSecurity Suspicious Tag Movement in AWS’s GitHub Action: What Happened and Why It Matters - StepSecurity When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach - StepSecurity Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217) - StepSecurity Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise - StepSecurity When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks - StepSecurity The GitHub Warning Everyone Ignores: 'This Commit Does Not Belong to Any Branch' - StepSecurity 8 GitHub Actions Secrets Management Best Practices to Follow - StepSecurity reviewdog GitHub Actions are compromised - StepSecurity 7,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity Replace Third-Party Actions with StepSecurity Maintained Actions via Automated Pull Requests - StepSecurity StepSecurity Is Now Available on AWS Marketplace - StepSecurity Introducing StepSecurity Artifact Monitor: Detect Unauthorized Software Releases in minutes, not months - StepSecurity Introducing Workflow Run Policies: Guardrails for Blocking Non-Compliant GitHub Actions Runs - StepSecurity Harden-Runner Detects New Traffic to release-assets.githubusercontent.com Across Multiple Customers - StepSecurity Grafana GitHub Actions Security Incident - StepSecurity Export Harden-Runner Security Insights and Detections to Amazon S3 - StepSecurity Evolving Harden-Runner’s disable-sudo Policy for Improved Runner Security - StepSecurity Announcing Policy-Driven Automated Pull Requests for CI/CD Misconfiguration Remediation - StepSecurity Announcing StepSecurity’s Integration with RunsOn: Secure and Optimized CI/CD Pipelines - StepSecurity Secure Repo Just Got Better: New Features for GitHub Actions Security Best Practices - StepSecurity Why Compliance Auditors Are Looking at Your CI/CD Runners - And How to Prepare - StepSecurity Harden-Runner Flags Anomalous Outbound Call, Leading to Docker Documentation Update - StepSecurity StepSecurity Harden-Runner Now Secures GitHub Actions Workflows for Over 5,000 Open Source Projects - StepSecurity GitHub Actions Pwn Request Vulnerability - StepSecurity Prevent Ultralytics Style CI/CD Security Attacks with Network Security Controls - StepSecurity PyTorch Supply Chain Compromise - StepSecurity Unified Network Egress View: Centralize GitHub Actions Network Destinations for Your Enterprise - StepSecurity Uniting Developers and Security: Celebrating the Success of 500+ Open Source Projects Using StepSecurity's Orchestration Platform - StepSecurity 5 Effective Third-Party GitHub Actions Governance Best Practices - StepSecurity StepSecurity Recognized Among CRN’s "10 Hottest DevOps Startups Of 2024" - StepSecurity Streamline Your GitHub Actions Workflows with StepSecurity’s Latest Feature - StepSecurity StepSecurity Steps Up the Security Game with SOC 2 Type 2 Compliance - StepSecurity StepSecurity's Alignment with CISA's CI/CD Security Guidance - StepSecurity
5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough - StepSecurity
2026-05-21 · via Step Security Blog

Between May 18 and May 19, 2026, the software supply chain experienced one of the most intense 48-hour attack waves ever recorded. Five distinct attacks targeted every layer of the development pipeline: a poisoned VS Code extension with 2.2 million installs, multiple compromised GitHub Actions, hijacked npm packages spreading via a self-replicating worm, and a trojanized PyPI package owned by Microsoft. The campaign culminated in GitHub itself disclosing that approximately 3,800 of its internal source code repositories were exfiltrated.

These are not theoretical risks. Microsoft and GitHub, two of the most security-mature organizations on the planet, were compromised through their software supply chains. Traditional security tooling (SCA scanners, SAST, EDR agents, CNAPP platforms) did not prevent these breaches. These tools were built for a different threat model. They scan source code for known vulnerabilities or monitor production infrastructure for anomalies. They do not monitor what happens inside a CI/CD runner at runtime. They do not track which VS Code extensions are installed on developer laptops. They do not detect when a trusted GitHub Action's tags are silently replaced with malicious imposter commits.

Stopping these attacks requires a solution built from first principles for the software supply chain, one that understands how developers build, how pipelines run, and where secrets flow.

The 48-Hour Timeline

The sheer density of incidents in this window is what makes the situation so alarming. Here is what unfolded.

IDE Extension Compromised Victim: GitHub: 3,800 internal repos exfiltrated

Nx Console VS Code Extension Compromised

Malicious v18.95.0 published to the VS Code Marketplace (2.2M+ installs). Multi-stage credential stealer with HTTPS, GitHub API, and DNS tunneling exfiltration channels. Persistent Python backdoor installed on macOS. GitHub employee device compromised via this vector, leading to exfiltration of ~3,800 internal repositories.

GitHub Action Compromised

actions-cool/issues-helper & maintain-one-comment Compromised

All tags in both repositories replaced with imposter commits. Malicious code uses bun to read Runner.Worker process memory and exfiltrate CI/CD credentials to attacker-controlled domain t.m-kosche.com. Every workflow referencing these actions by version tag is affected.

npm Worm Active

Shai-Hulud Worm Hits AntV Ecosystem & Dozens More

Self-replicating worm compromises packages across Alibaba's AntV data visualization ecosystem, echarts-for-react, timeago.js (1.5M weekly downloads), and dozens more. Reads GitHub Actions runner process memory, harvests credentials from 130+ file paths, and uses stolen npm tokens to propagate to new packages. Attack is ongoing.

PyPI Package Compromised Victim: Microsoft

Microsoft's durabletask PyPI Package Compromised

Three malicious versions of Microsoft's official Durable Functions SDK (400K+ monthly downloads) published within 35 minutes. Payload steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and 90+ developer tool configs. Linked to TeamPCP threat group. Skips systems with Russian locale.

Breach Disclosure Confirmed Victim: GitHub

GitHub Discloses Breach of Internal Repositories

GitHub publicly confirms that ~3,800 internal repositories were exfiltrated after an employee device was compromised by a poisoned VS Code extension. Critical secrets rotated. Investigation ongoing.

These incidents follow a pattern that has been building for months. The node-ipc compromise on May 14 hit a package with 10 million weekly downloads. The Trivy GitHub Action compromise and Checkmarx KICS compromise in March demonstrated the same imposter commit technique now being used at scale. The adversaries have a proven, repeatable playbook, and they are accelerating.

The Entire Pipeline Is Under Attack

What makes this wave different from previous supply chain incidents is the diversity of attack vectors. These are not just malicious npm packages. The attackers targeted every stage of the software development and delivery pipeline, from the IDE on a developer's laptop to the CI/CD runner that deploys to production.

Attack Surface Map

Every layer of the pipeline was hit

Developer machine

IDE extensions, local dev tools

Nx Console VS Code Extension

Dependencies

npm, PyPI packages

durabletask, Shai-Hulud, node-ipc

CI/CD pipeline

GitHub Actions, build systems

actions-cool, Trivy, KICS

Attackers are not targeting one layer. They are targeting all of them simultaneously.

Consider the range of tools targeted in this wave alone. On one end, a VS Code extension, something that runs on individual developer laptops and has nothing to do with CI/CD or package registries. On the other end, a self-replicating npm worm that uses stolen tokens to propagate itself across the ecosystem. In between: imposter commits in GitHub Actions, trojanized PyPI packages published using compromised credentials for an official Microsoft SDK. The common thread is not the vector. It is the objective: steal credentials, exfiltrate secrets, and establish persistent access across the software supply chain.

The diversity matters because it exposes a fundamental gap in how most organizations think about supply chain security. If your strategy is built around a single control, whether that is a secure registry, a package scoring system, or a set of GitHub checks, you are only covering one layer of a multi-layer attack surface. A secure registry would not have stopped the Nx Console VS Code extension compromise. Package scoring would not have flagged actions-cool/issues-helper, which was a legitimate, trusted GitHub Action before its tags were hijacked. None of these controls operate at the CI/CD runtime layer where credentials are actually stolen from process memory.

Why Traditional Tools and Point Solutions Fall Short

The effectiveness of these supply chain attacks is not because attackers are using exotic techniques. It is because the attacks happen in environments that traditional security tools were never designed to monitor.

SCA (Software Composition Analysis) tools scan your dependency manifests for known CVEs. They are valuable, but they are reactive. A compromised package that has not yet been reported as a CVE, like durabletask during the 35-minute window between publication and discovery, sails right through. SAST tools analyze your source code, not the code running inside your CI/CD runner at build time. EDR agents protect production servers and employee laptops, but they do not run on ephemeral GitHub Actions runners. CNAPP platforms monitor cloud workloads, not the pipelines that deploy to them.

The same gap applies to point solutions that focus narrowly on one aspect of supply chain security. Package scoring and secure registries are useful controls for the dependency layer. They can flag suspicious npm or PyPI packages and enforce cooldown periods before new versions are consumed. But they represent one layer of defense for one attack vector. They do not provide:

Runtime security for CI/CD pipelines. When a compromised GitHub Action spawns a Python process that reads /proc/pid/mem to extract secrets from the Runner.Worker process, no package scanner or registry policy can detect or block that behavior. You need a runtime security agent on the CI/CD runner itself, one that monitors process behavior, enforces network egress policies, and can terminate jobs when anomalous activity is detected.

Visibility into developer machines. When a poisoned VS Code extension runs on a developer's laptop, stealing tokens from GitHub, npm, AWS, and 1Password, no CI/CD-focused tool has visibility into that environment. You need an agent that inventories IDE extensions, detects malicious behavior on developer workstations, and provides real-time search across your fleet when a new compromise is announced.

Ecosystem-wide threat intelligence and automated response. When a compromise is discovered, the first question is: "Are we affected?" If your tooling only covers package dependencies, you cannot answer that question for GitHub Actions, IDE extensions, or CI/CD runtime behavior. You need a platform that provides a unified view across all these vectors and can automatically block known compromised components before they execute.

The lesson from these 48 hours is clear: securing the software supply chain requires defense in depth across the full pipeline, not a single checkpoint at the registry layer.

StepSecurity's Research: Near Real-Time Detection, Community-Wide Impact

StepSecurity's threat intelligence team is consistently among the first in the industry to discover, analyze, and publicly report software supply chain compromises. The team uses a purpose-built combination of AI-powered monitoring and runtime analysis to detect breaches in near real-time. This approach, powered by the same Harden Runner telemetry and ecosystem monitoring that protects customers, enables StepSecurity to identify compromises as they happen rather than after they have already spread.

In this wave alone, StepSecurity published detailed analysis of the Nx Console VS Code extension compromise, the actions-cool/issues-helper GitHub Action compromise, the Microsoft durabletask PyPI attack, and the latest Shai-Hulud worm campaign, in each case being one of the first companies to report the incident with full technical details and IOCs. Earlier this year, StepSecurity was among the first to report on the axios npm compromise, the Trivy GitHub Action compromise, and earlier waves of the Shai-Hulud campaign. Several of these reports have been credited and cited by maintainers, CISA, and the broader security community.

This research is not just thought leadership. It feeds directly into the StepSecurity platform. When the threat intelligence team publishes IOCs for a new compromise, those indicators are immediately available in the Threat Center, integrated into Compromised Actions policies, and used by Harden Runner to block exfiltration to known malicious domains. The time between discovery and automated protection across all customer environments is measured in minutes.

How StepSecurity Covers the Full Pipeline

The StepSecurity platform was built from the ground up to secure the software supply chain end to end. Rather than focusing on a single layer, it provides independent security controls at every stage of the development and delivery pipeline. These controls work together so that even if an attacker bypasses one layer, they are caught at the next. Here is how each control maps to the attacks from the past 48 hours.

Attack Dev Machine Guard Harden Runner Compromised Actions Policy Threat Center Secure Registry Package Search GitHub Checks
Nx Console VS Code Extension
actions-cool GitHub Actions
Shai-Hulud npm Worm
Microsoft durabletask (PyPI)
GitHub Breach (via VS Code ext.)

The matrix above tells the story. No single column covers every row. But every row has multiple checkmarks. That is defense in depth in practice. Here is what each control does.

Dev Machine Guard provides two critical detection capabilities for developer workstations. First, it maintains a real-time inventory of IDE extensions and developer tools across your fleet. When a dev tool compromise like the Nx Console extension is announced, you can immediately search whether any developer in your organization has the affected version installed. This is the control that addresses the attack vector that breached GitHub, and it is one that no CI/CD-only solution can replicate. Second, it inventories npm, Python, and other open-source packages installed on developer machines, so when a compromised package like durabletask or a Shai-Hulud worm target is identified, you can determine exposure across your developer environment before those packages ever reach a build pipeline.

Harden Runner is the runtime security agent for GitHub Actions. It monitors process behavior and enforces network egress policies on CI/CD runners. In block mode, it prevents credential exfiltration by dropping connections to any domain not on the allowlist. In audit mode, it flags anomalous connections and process behavior. When the compromised actions-cool action or the Shai-Hulud worm attempts to read /proc/pid/mem and POST stolen secrets to an attacker-controlled domain, Harden Runner detects and blocks that behavior at runtime. This is the layer that package scanners and secure registries cannot provide.

Compromised Actions Policy acts as a pre-execution gate. Once the StepSecurity Threat Center identifies a compromised GitHub Action, the policy automatically cancels any workflow run that references it, across your entire organization. This provides immediate protection in the window between discovery and when individual teams update their workflow files.

Threat Center delivers real-time notifications when new supply chain compromises are identified. It integrates with SIEM platforms (Splunk, Sentinel) and notification channels so the right people on your team are alerted the moment a new incident is published.

Secure Registry (Beta) acts as a proxy between your builds and public package registries. By applying a cooldown policy, freshly published package versions are held back until they have been evaluated, preventing the scenario where a malicious version is pulled and installed within minutes of publication, as happened with Microsoft's durabletask.

Package Search scans your default branch and open pull requests for known compromised npm, PyPI, and other open-source packages. When a malicious package version is identified, Package Search flags every repository in your organization that references it, covering both code that is already merged and code that is in review. For the Shai-Hulud worm and the durabletask compromise, this provides immediate visibility into which repositories have the affected dependency in their lockfiles or manifests.

GitHub Checks enforce cooldown period verification, pwn request detection, and script injection analysis on every pull request, catching supply chain risks before they reach your main branch.

The diagram below shows how these controls map to the attack lifecycle. Click any layer to see how it applies to the incidents from the past 48 hours.

StepSecurity Platform

Defense in depth across the full attack lifecycle

PreventionBlock the attack before it ever executes

Harden Runner: Network Egress Block Mode

Blocks all outbound connections not on the allowlist. Stops exfiltration before data leaves the runner.

How it applies: The actions-cool malware tried to POST stolen secrets to t.m-kosche.com. The Shai-Hulud worm exfiltrates to attacker-controlled domains. In block mode, these connections are dropped. Secrets never leave the runner.

actions-coolShai-Huluddurabletask

Harden Runner: Process Lockdown Mode

Detects anomalous process behavior and terminates the job in real time.

How it applies: Both the actions-cool and Shai-Hulud malware spawn processes that read /proc/pid/mem of the Runner.Worker process to extract masked secrets from memory. This is the exact behavior lockdown mode is built to detect and terminate.

actions-coolShai-Hulud

Policy Driven Pull Requests

Auto-pins GitHub Actions to immutable commit SHAs. Prevents tag manipulation attacks.

How it applies: The actions-cool compromise worked by replacing all version tags with imposter commits. Workflows pinned to full-length commit SHAs were unaffected. Policy Driven PRs automate this pinning across your entire organization.

actions-cool

Secure Registry + Cooldown Policy

Holds freshly published package versions back from builds until evaluated.

How it applies: The three malicious durabletask versions were published within a 35-minute window. A cooldown policy would have prevented builds from pulling them during the critical window before the compromise was discovered. Same applies to Shai-Hulud worm packages.

durabletaskShai-Hulud

DetectionSee the attack as it happens, across the fleet

Network Monitoring + Anomaly Detection

Logs and analyzes all outbound connections, flagging never-before-seen endpoints.

How it applies: Even in audit mode (before switching to block mode), Harden Runner flags anomalous connections to attacker C2 domains. The organization baseline feature can identify all workflow runs across your organization that contacted a malicious domain during the compromise window.

actions-coolShai-Huluddurabletask

Imposter Commit Scanning

Detects when a GitHub Action resolves to a commit that is not on any branch of the source repo.

How it applies: The actions-cool attack moved all tags to imposter commits. StepSecurity's workflow log analysis detects this automatically with zero additional configuration, just by having the StepSecurity app installed.

actions-cool

Package Search (Default Branch + Pull Requests)

Scans repositories for known compromised packages across default branches and open PRs.

How it applies: When durabletask or Shai-Hulud worm packages are flagged as compromised, Package Search identifies every repository in your organization that has the affected versions in lockfiles or dependency manifests, covering both merged code and open pull requests.

durabletaskShai-Hulud

Dev Machine Guard

Real-time inventory of IDE extensions, npm packages, and Python packages across developer machines. Instantly search for compromised components.

How it applies: When the Nx Console VS Code extension compromise was announced, Dev Machine Guard enables immediate search to identify which developers have the affected extension installed, the same attack vector that breached GitHub. When malicious durabletask versions or Shai-Hulud worm packages are identified, it lets you search which developers have those compromised packages installed locally, before they ever reach a CI/CD pipeline. No CI/CD-focused tool covers the developer machine layer.

Nx ConsoleGitHub BreachdurabletaskShai-Hulud

Threat Center + AI-Powered Monitoring

Continuously monitors the ecosystem for indicators of compromise. Publishes advisories with IOCs in near real-time.

How it applies: StepSecurity's AI monitoring pipeline detected each of the incidents in this wave and published Threat Center advisories with full IOCs, malicious domains, and compromised commit SHAs. Customers with SIEM integrations received alerts in real time.

Nx Consoleactions-coolShai-Huluddurabletask

ResponseContain the blast radius across your organization

Compromised Actions Policy (Pre-Execution Gate)

Automatically cancels workflow runs that reference known compromised actions across your entire org.

How it applies: Once StepSecurity added the compromised actions-cool tags to the known compromised list, every new workflow run across all customer organizations referencing those tags was automatically cancelled before any code executed. Immediate org-wide protection without patching each repo.

actions-cool

GitHub Checks (Cooldown + Pwn Request + Script Injection)

Enforces security checks on every pull request before code reaches the main branch.

How it applies: GitHub Checks enforce cooldown periods for newly published dependencies in PRs, detect pwn request patterns, and flag script injection vulnerabilities. For the Shai-Hulud worm packages and actions-cool actions, these checks would flag the compromise indicators at the PR level.

actions-coolShai-Hulud

Dev Machine Guard: Incident Response

Maps the blast radius of a compromise across developer machines. Identifies every affected device in your organization.

How it applies: When a supply chain compromise is confirmed, the first question is "who is affected?" Dev Machine Guard lets security teams instantly query across all developer machines to identify every device with the compromised IDE extension, npm package, or Python package installed. For the Nx Console compromise, this turns an incident response process that could take hours of manual device-by-device checks into a search that completes in seconds across your entire fleet.

Nx ConsoleGitHub BreachdurabletaskShai-Hulud

What We Expect Next

Based on the pattern we are seeing, we anticipate more incidents in the coming days and weeks. The adversaries behind these attacks, particularly TeamPCP and the actors operating the Shai-Hulud worm, have demonstrated a playbook that is effective and scalable. They compromise a trusted package or action, inject credential-stealing malware, exfiltrate secrets, and then use those stolen credentials to compromise additional packages, creating a self-reinforcing cycle.

The techniques are sophisticated and evolving: imposter commits in GitHub Actions, WAV steganography for hiding payloads, DNS tunneling for exfiltration, dangling orphan commits in legitimate repositories for payload hosting, and process memory reading for extracting masked secrets. Each new incident introduces a variation that tests whether defenders are relying on signatures or on fundamental security controls.

The fact that Microsoft and GitHub were both impacted in this wave should remove any doubt about whether software supply chain attacks are a real and present threat. These are organizations with world-class security teams, and they were compromised through vectors that their existing security infrastructure was not designed to cover.

Take Action Now

For StepSecurity Enterprise Customers

We strongly recommend confirming the following capabilities are enabled in your environment:

1. Threat Center Notifications. Set up notification channels and confirm the right people on your team are receiving Threat Center alerts, so you hear about newly identified compromises the moment they are published.

2. Dev Machine Guard. Ensure coverage across your developer machines so you can immediately search whether any compromised IDE extension, npm package, or Python package is installed in your environment.

3. Compromised Actions Policy. Enable automatic blocking of workflow runs that reference any GitHub Action known to be compromised.

4. Harden Runner. Deploy on your GitHub Actions workflows to detect and block credential exfiltration from CI runners. If you are currently in audit mode, consider moving to block mode for your most sensitive workflows.

5. Secure Registry (Beta). If you use JFrog or Google Artifact Registry, configure Secure Registry as the upstream for npm and apply a cooldown policy so freshly published packages are not pulled immediately.

6. GitHub Checks. Enable StepSecurity GitHub checks for cooldown period enforcement, pwn request detection, and script injection analysis.

If you need help enabling any of these or want us to review your current configuration, reach out to your StepSecurity contact. We are actively monitoring the situation and will share updates as more details emerge.

For the Community: Get Started for Free

You do not need to be an enterprise customer to start protecting your projects today. StepSecurity offers free community resources that use the same detection capabilities behind the incidents described in this post.

Harden Runner is free for open-source repositories. It provides runtime security, network egress monitoring, and anomaly detection for your GitHub Actions workflows at no cost. If you maintain open-source projects, adding Harden Runner to your workflows gives you immediate visibility into suspicious network connections and process behavior on your CI runners.

Dev Machine Guard offers a free version that gives you visibility into IDE extensions and packages installed on your developer machines. When the next compromise is announced, you can instantly check whether your environment is affected.

StepSecurity Blog is a free source of supply chain threat intelligence. We publish detailed technical analysis with indicators of compromise, affected versions, and remediation steps for every major software supply chain incident. Bookmark the blog or follow us on X to stay informed as new compromises are discovered.

For organizations that need full coverage across their entire pipeline, including Compromised Actions Policy, Threat Center, Secure Registry, and org-wide incident response, request a demo to see how the StepSecurity platform can protect every layer of the development pipeline.

We are actively monitoring the situation and will share updates as new incidents emerge.