惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Spread Privacy
Spread Privacy
P
Palo Alto Networks Blog
P
Proofpoint News Feed
AI
AI
Help Net Security
Help Net Security
S
Securelist
T
Troy Hunt's Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cisco Blogs
Scott Helme
Scott Helme
Hacker News - Newest:
Hacker News - Newest: "LLM"
Vercel News
Vercel News
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
B
Blog
GbyAI
GbyAI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Proofpoint News Feed
S
Security Affairs
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
T
Tenable Blog
H
Help Net Security
NISL@THU
NISL@THU
F
Fortinet All Blogs
博客园_首页
G
GRAHAM CLULEY
L
LINUX DO - 最新话题
P
Privacy International News Feed
G
Google Developers Blog
博客园 - Franky
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Security Archives - TechRepublic
Security Archives - TechRepublic
The Register - Security
The Register - Security
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
Forbes - Security
Forbes - Security
S
Secure Thoughts
Simon Willison's Weblog
Simon Willison's Weblog
D
Docker
Recorded Future
Recorded Future
博客园 - 三生石上(FineUI控件)
L
Lohrmann on Cybersecurity
T
Tailwind CSS Blog

Step Security Blog

Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity - StepSecurity Introducing StepSecurity Dev Machine Guard: Protecting Developer Machines from Supply Chain Attacks - StepSecurity Top 2024 Predictions for CI/CD Security - StepSecurity Dev Machine Guard Is Now Open Source: See What's Really Running on Your Developer Machine - StepSecurity Datadog's DevSecOps 2026 Report Validates What We've Been Building - StepSecurity hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity Cline Supply Chain Attack Detected: cline@2.3.0 Silently Installs OpenClaw - StepSecurity StepSecurity’s Unified Protection Across the SDLC Infrastructure Threat Framework (SITF) - StepSecurity @velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence - StepSecurity axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack - StepSecurity 10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions - StepSecurity Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor - StepSecurity TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package - StepSecurity litellm: Credential Stealer Hidden in PyPI Wheel - StepSecurity Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags - StepSecurity CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem - StepSecurity Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised - StepSecurity bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys - StepSecurity Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised - StepSecurity Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys - StepSecurity ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push - StepSecurity xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning - StepSecurity kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package - StepSecurity How StepSecurity Caught a Release Storm in Microsoft’s @types Packages - StepSecurity Harden Runner Now Supports Windows and macOS GitHub Actions Runners - StepSecurity 10,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making - StepSecurity 20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...) - StepSecurity 2024 in Review: The Evolution of CI/CD Security & What's Next - StepSecurity How to Use Docker in Actions Runner Controller (ARC) Runners Securely - StepSecurity Celebrating 1000 Repositories Secured with Harden Runner: A Journey of Growth and Collaboration - StepSecurity StepSecurity Detects Early Supply Chain Risk Signals in kilocode npm - StepSecurity Another npm Supply Chain Attack: The 'is' Package Compromise - StepSecurity anthropics/claude-code-action Security: How to Secure Claude Code in GitHub Actions with Harden-Runner - StepSecurity Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity StepSecurity's Catalog of Fixes - StepSecurity Orchestrating Security: StepSecurity's Impact on 400+ Repositories and Future Plans - StepSecurity Announcing Anomalous Outbound Call Detection Using Machine Learning - StepSecurity Announcing GitHub Actions Advisor and StepSecurity Maintained Actions - StepSecurity Analysis of Backdoored XZ Utils Build Process with Harden-Runner - StepSecurity Announcing General Availability of Harden Runner - StepSecurity Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner - StepSecurity Build secretless CI/CD pipelines using wait-for-secrets - StepSecurity Introducing Apps & PATs: Centralized Visibility for GitHub Apps and Personal Access Tokens - StepSecurity CVE-2026-22709: Critical Sandbox Escape Vulnerability in vm2 - StepSecurity StepSecurity Now Supports Dark Mode - StepSecurity 2025 in Review: The Evolution of Supply Chain Security & What's Next - StepSecurity Bake Harden-Runner Into GitHub's Custom Runner Images for Organization-Wide CI/CD Security - StepSecurity StepSecurity Is Now Available on Azure Marketplace - StepSecurity Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js - StepSecurity How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository - StepSecurity Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised - StepSecurity Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise - StepSecurity 9,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages - StepSecurity Introducing npm Package Search: Find Where Any Package Was Introduced Across Your GitHub Organizations - StepSecurity StepSecurity Is Sponsoring GitHub Universe 2025 - StepSecurity s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware - StepSecurity Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM - StepSecurity 8,000 Strong: Harden-Runner's Growing Impact on CI/CD Security - StepSecurity Securing Google Gemini in GitHub Actions with Harden-Runner - StepSecurity GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows - StepSecurity Introducing the NPM Package Cooldown Check - StepSecurity Securing GitHub Copilot in GitHub Actions with Harden-Runner - StepSecurity Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator - StepSecurity How StepSecurity Harden Runner Detected Unexpected Microsoft Defender Installation on GitHub-hosted Ubuntu Runners - StepSecurity StepSecurity Harden Runner: Detect source code tampering during the build process - StepSecurity Suspicious Tag Movement in AWS’s GitHub Action: What Happened and Why It Matters - StepSecurity When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach - StepSecurity Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217) - StepSecurity Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise - StepSecurity When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks - StepSecurity The GitHub Warning Everyone Ignores: 'This Commit Does Not Belong to Any Branch' - StepSecurity 8 GitHub Actions Secrets Management Best Practices to Follow - StepSecurity reviewdog GitHub Actions are compromised - StepSecurity 7,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity Replace Third-Party Actions with StepSecurity Maintained Actions via Automated Pull Requests - StepSecurity StepSecurity Is Now Available on AWS Marketplace - StepSecurity Introducing StepSecurity Artifact Monitor: Detect Unauthorized Software Releases in minutes, not months - StepSecurity Introducing Workflow Run Policies: Guardrails for Blocking Non-Compliant GitHub Actions Runs - StepSecurity Harden-Runner Detects New Traffic to release-assets.githubusercontent.com Across Multiple Customers - StepSecurity Grafana GitHub Actions Security Incident - StepSecurity Export Harden-Runner Security Insights and Detections to Amazon S3 - StepSecurity Evolving Harden-Runner’s disable-sudo Policy for Improved Runner Security - StepSecurity Announcing Policy-Driven Automated Pull Requests for CI/CD Misconfiguration Remediation - StepSecurity Announcing StepSecurity’s Integration with RunsOn: Secure and Optimized CI/CD Pipelines - StepSecurity Secure Repo Just Got Better: New Features for GitHub Actions Security Best Practices - StepSecurity Why Compliance Auditors Are Looking at Your CI/CD Runners - And How to Prepare - StepSecurity Harden-Runner Flags Anomalous Outbound Call, Leading to Docker Documentation Update - StepSecurity StepSecurity Harden-Runner Now Secures GitHub Actions Workflows for Over 5,000 Open Source Projects - StepSecurity GitHub Actions Pwn Request Vulnerability - StepSecurity Prevent Ultralytics Style CI/CD Security Attacks with Network Security Controls - StepSecurity PyTorch Supply Chain Compromise - StepSecurity Unified Network Egress View: Centralize GitHub Actions Network Destinations for Your Enterprise - StepSecurity Uniting Developers and Security: Celebrating the Success of 500+ Open Source Projects Using StepSecurity's Orchestration Platform - StepSecurity 5 Effective Third-Party GitHub Actions Governance Best Practices - StepSecurity StepSecurity Recognized Among CRN’s "10 Hottest DevOps Startups Of 2024" - StepSecurity Streamline Your GitHub Actions Workflows with StepSecurity’s Latest Feature - StepSecurity StepSecurity Steps Up the Security Game with SOC 2 Type 2 Compliance - StepSecurity StepSecurity's Alignment with CISA's CI/CD Security Guidance - StepSecurity
Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files - StepSecurity
2026-06-12 · via Step Security Blog

The Miasma worm and its PyPI branch, Hades, are spreading across the npm and PyPI ecosystems right now. They do not wait for a build step or a careless npm install. They run when a developer opens a project or imports a package, and they read secrets straight out of process memory. The defenses most teams rely on, EDR, registry gateways, and SCA scanners, were not built to catch this. Dev Machine Guard's new Suspicious Files feature is, detecting the files these worms drop on developer machines with rules StepSecurity maintains and ships to your fleet automatically.

The StepSecurity research team has been at the forefront of this campaign, tracking each wave as it broke and frequently first to report it: the Miasma npm wave on June 3, the attack on Microsoft's Azure organizations that disabled 73 repositories on June 5, and the Hades PyPI campaign on June 8. Three waves in five days, across two ecosystems. This is moving fast, and the question every security team needs answered is which of their developer machines are affected right now.

Why this is urgent

This is not a single incident to clean up. It is an actively spreading, self-replicating campaign that mutates faster than advisories can keep up.

On June 3, 2026, the Miasma worm compromised 57 npm packages across more than 286 malicious versions in a rolling campaign that lasted under two hours. The largest victim was @vapi-ai/server-sdk, with more than 408,000 monthly downloads. Five days later, on June 8, the same threat actor surfaced on PyPI as the Hades Campaign, compromising ensmallen and roughly two dozen related machine-learning and bioinformatics packages. Between the two ecosystems, researchers counted hundreds of malicious artifacts.

These are worms. Once Miasma or Hades lands on a developer machine, it searches for npm and PyPI publishing tokens, then republishes infected versions of every package that token can publish. Each new victim becomes a new spreader. The speed is the point: when the campaign reached Microsoft's Azure GitHub organizations on June 5, it spread across 73 repositories in under two minutes, and the broader campaign has now infected more than 113 repositories across dozens of accounts. That is why the package count climbs by the hour, and why "which of our developers have this right now" is a question you need answered in minutes, not after the next advisory.

How the attack evolved: from install to import

For years, the supply chain threat model centered on installation. Malicious packages ran their code through preinstall and postinstall lifecycle scripts in package.json, so that is where scanners, allowlists, and CI checks learned to look. Miasma and Hades have moved the execution trigger somewhere those tools do not watch.

Miasma's npm variant uses a technique we call "Phantom Gyp": instead of a lifecycle script, it ships a 157-byte binding.gyp file that triggers code execution during npm install through the native build step, bypassing install-script security checks entirely. The same actor then went further, infecting repositories so the payload runs when a folder is simply opened in an IDE or AI coding assistant, no install required at all.

Hades, the PyPI branch, executes on import. The malicious code is an obfuscated one-line hook embedded in a package's __init__.py. The moment a developer imports the package, the hook downloads a standalone Bun runtime and runs a JavaScript payload. A developer does not have to run anything malicious on purpose. Opening a project in VS Code, or importing a dependency they have used for years, is now enough.

This is the shift that matters: the dangerous moment is no longer install time. It is open time and import time. And the artifacts that carry the payload, a binding.gyp, an injected __init__.py, a .vscode/tasks.json, a .claude/setup.mjs, sit quietly in the project tree and never appear in a package manifest or a lockfile diff.

Why current defenses miss this

Most organizations already run several layers of supply chain defense. Against Miasma and Hades, each one has a blind spot.

Registry gateways and cooldown policies sit at install time. They gate which package versions a client is allowed to fetch from the registry, which is valuable, but it is the wrong checkpoint for these worms. A registry gateway does not see a binding.gyp that fires during a native build, an __init__.py hook that runs on import, or a repository file that executes when the folder is opened. By the time the payload runs, the gateway's job is already done.

EDR is built to flag suspicious process behavior and known-bad binaries. Hades was designed specifically to slip past it: the payload reads secrets directly from process memory, without writing them to disk or making an obviously suspicious network connection, and it runs through a legitimate, signed Bun runtime it downloads on the fly. There is no malware binary to fingerprint and no classic disk-write or exfiltration pattern to alert on. The Hades campaign even ships AI prompt-injection content designed to misdirect automated AI triage systems that try to analyze it.

SCA and dependency scanners inventory what is declared in your manifests and lockfiles. The files that carry these payloads are not dependencies you declared. A binding.gyp, an injected import hook, or an editor config file does not show up in package.json or requirements.txt, so a scanner looking at your dependency graph has nothing to flag.

The common thread: these tools watch the package and the install. Miasma and Hades execute from files on the developer's disk, at open and import time, using memory-resident techniques. That gap is exactly what Suspicious Files is built to close.

What Suspicious Files detects

Suspicious Files flags files associated with known supply chain attacks across all of your enrolled developer machines. The detection rules are managed by the StepSecurity research team and continuously updated based on our own research. StepSecurity is one of the first companies to detect major supply chain attacks, and has been officially credited for discovering several of them, including the compromises of axios and TanStack. Coverage today includes the artifacts behind the Miasma and Hades campaigns:

  • A malicious binding.gyp that triggers code execution during npm install (the Phantom Gyp technique)
  • Editor and AI-tool configuration files that auto-execute when a project is opened or an AI coding session starts

These editor and AI-tool integration points are increasingly attractive to attackers because they execute with the developer's own access and require no package install at all:

File Tool Trigger
.claude/setup.mjs Anthropic Claude Code SessionStart hook: runs on every new session
.claude/settings.json Anthropic Claude Code Settings injection
.cursor/rules/setup.mdc Cursor Custom rules file: loaded on project open
.gemini/settings.json Google Gemini Settings injection
.vscode/tasks.json Visual Studio Code runOn: folderOpen auto-execute
.vscode/setup.mjs Visual Studio Code Task-triggered setup script
.github/setup.js GitHub Actions Workflow injection

Managed detection, nothing to configure

Suspicious Files works out of the box. The detection rules are authored and maintained by StepSecurity, the same research team that has tracked Miasma and Hades from their first waves and is frequently first to report these campaigns. When the actor mutates, as Hades did when it jumped from npm to PyPI and split its loader and payload to evade detection, we update the rules centrally and your fleet is evaluated against them automatically. There are no rules for you to write, tune, or keep current.

When a file is flagged, the dashboard gives you the full detection record:

  • The file path and the device it was found on
  • The attack campaign the matching rule is associated with
  • A confidence level for the detection
  • The file's SHA-256, for correlation and threat-intel lookups
  • The matched rule and file-path pattern
  • When the file was first and most recently seen on the device
  • A condition breakdown showing exactly which indicators matched and which were required

The condition breakdown means a detection is never a black box. You can see precisely why a file was flagged, which makes both validation and triage fast during a live incident.

Why this matters

A compromised developer machine is one of the most valuable footholds an attacker can get. Developer machines hold publishing tokens for npm and PyPI, SSH keys into production, GitHub credentials with elevated scopes, and direct access to CI/CD systems. A file that executes on import or on project open runs with all of that access, and in the case of Miasma and Hades, immediately uses any publishing token it finds to spread the worm further.

Traditional MDM tools understand device posture, not developer workflows. EDR understands process behavior, not supply chain tradecraft. Registry gateways understand installs, not imports. The file a worm drops on disk falls between all of them. Suspicious Files is built specifically for that gap, giving security teams visibility into the files attackers actually use to get code running on developer machines.

How to get started

Suspicious Files is part of Dev Machine Guard and runs on the same lightweight agent you already deploy through your existing MDM or EDR tooling, on macOS, Windows, and Linux. There is no new agent to install and no detection content to manage.

If you already run Dev Machine Guard, Suspicious Files is available now in your dashboard under Developer Machines. Open it to see whether any Miasma or Hades artifacts are present across your fleet.

If you are not yet using Dev Machine Guard, see the Installation Script documentation for rollout guidance, or request a demo to see how it fits into your environment.

Miasma and Hades have already moved past the install-time defenses everyone deployed. They are spreading now, on import and on open. Your visibility needs to be where the code actually runs.