惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
N
News and Events Feed by Topic
S
Schneier on Security
G
GRAHAM CLULEY
Scott Helme
Scott Helme
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
P
Privacy & Cybersecurity Law Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
MyScale Blog
MyScale Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
The Last Watchdog
The Last Watchdog
Vercel News
Vercel News
The Cloudflare Blog
C
Check Point Blog
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
腾讯CDC
NISL@THU
NISL@THU
S
Security @ Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
AWS News Blog
AWS News Blog
Cloudbric
Cloudbric
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Vulnerabilities – Threatpost
S
Secure Thoughts

SANS Internet Storm Center, InfoCON: green

From a VHDX File to a Remcos RAT - SANS Internet Storm Center ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974 Evil MSI Background: BASE64 Statistical Analysis - SANS ISC ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972 ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970 ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968 How has use of framing protection security headers changed in the past 3 years? ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966 Microsoft June 2026 Patch Tuesday - SANS Internet Storm Center ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964 TeamPCP Supply Chain Campaign: Activity Through 2026-06-07 ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962 The Evil MSI Background is Back! - SANS Internet Storm Center ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960 Microsoft's Coreutils for Windows - SANS Internet Storm Center ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958 Continuing Scans for swagger.json - SANS Internet Storm Center ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956 New Wave Of Phishing Emails with SVG Files - SANS ISC ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954 ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952 Unidentified RAT pushes NetSupport RAT - SANS ISC YARA-X 1.17.0 Release - SANS Internet Storm Center ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950 Analysis of a Year of Files Uploaded to DShield Sensors ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948 Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946 ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944 Possible ACR Stealer From Page Impersonating Claude Microsoft Access VBA - SANS Internet Storm Center Wireshark 4.6.6 Released - SANS Internet Storm Center An Example of Stack String in High Level Language - SANS ISC Cross-Platform NPM Stealer - SANS Internet Storm Center ISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942 Selective HTTP Proxying in Linux - SANS Internet Storm Center ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940 ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938 ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936 [Guest Diary] New Malware Libraries means New Signatures ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934 Simple bypass of the link preview function in Outlook Junk folder ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932 [GUEST DIARY] Tearing apart website fraud to see how it works. ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930 Proxying the Unproxyable? Sending EXE traffic to a Proxy Microsoft May 2026 Patch Tuesday - SANS Internet Storm Center ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928 Apple Patches Everything - SANS Internet Storm Center Why we use CAPTCHAs - SANS Internet Storm Center ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926 YARA-X 1.16.0 Release - SANS Internet Storm Center Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924 ISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920 Cleartext Passwords in MS Edge? In 2026? - SANS ISC SSL.com rotates their root certificate today - SANS ISC ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918 TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03) DShield Honeypot Update - SANS Internet Storm Center ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916 Wireshark 4.6.5 Released - SANS Internet Storm Center Malicious Ad for Homebrew Leads to MacSync Stealer ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914 ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912 Danger of Libredtail [Guest Diary] - SANS Internet Storm Center Today's Odd Web Requests - SANS Internet Storm Center ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910 HTTP Requests with X-Vercel-Set-Bypass-Cookie Header ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908 TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906 Apple Patches Exploited Notification Flaw - SANS ISC ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904 ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902 [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd) A .WAV With A Payload - SANS Internet Storm Center ISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900 Handling the CVE Flood With EPSS - SANS Internet Storm Center ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898 ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896 Lumma Stealer infection with Sectop RAT (ArechClient2) ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894 [Guest Diary] Compromised DVRs and Finding Them in the Wild ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892 Scanning for AI Models - SANS Internet Storm Center Microsoft Patch Tuesday April 2026. - SANS ISC ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890 Scans for EncystPHP Webshell - SANS Internet Storm Center ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888 Obfuscated JavaScript or Nothing - SANS Internet Storm Center ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886 Number Usage in Passwords: Take Two - SANS ISC TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory More Honeypot Fingerprinting Scans - SANS Internet Storm Center ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884 A Little Bit Pivoting: What Web Shells are Attackers Looking for? ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882 How often are redirects used in phishing in 2026? - SANS ISC ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17
SANS Internet Storm Center · 2026-05-19 · via SANS Internet Storm Center, InfoCON: green

Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI.

Bottom line up front

Two TeamPCP events broke within 48 hours of each other and doubled attention on the campaign. Checkmarx confirmed its Jenkins AST plugin was trojanized, its third compromise in three months, validating an earlier single-researcher claim. In parallel, a new Mini Shai-Hulud worm poisoned roughly 170 npm and PyPI packages (42 @tanstack packages in about six minutes, downloads above 500 million) and was the first documented npm malware shipping with valid SLSA Build Level 3 provenance, plus a 1-in-6 disk-wipe payload on Israeli and Iranian locale hosts. NHS England issued the campaign's first government alert; CISA stayed silent. Action: audit CI for the indicators below, stop trusting provenance alone, pin and lockfile-verify dependencies.

How this developed

The period opened quiet and derivative: the lead story was PCPJack, a rival worm that evicts TeamPCP before stealing credentials, alongside a single-researcher claim that a Checkmarx Jenkins plugin had been backdoored. Days later it turned loud: Checkmarx officially confirmed that exact Jenkins compromise, and a new Mini Shai-Hulud worm hit the npm and PyPI ecosystems hard. The through-line is escalation: an unconfirmed rumor became a confirmed incident, and the campaign moved from a quiet competitor-eviction story to a high-impact, signed-malware supply chain wave.

What changed, by theme

Checkmarx Jenkins plugin: an unconfirmed claim, then official confirmation

Takeaway: a single-researcher claim, explicitly logged as unconfirmed at the time, was confirmed by Checkmarx four days later.

On 2026-05-09, researcher Berk Albayrak reported on X that the Checkmarx Jenkins AST scanner plugin had been backdoored. No Tier 1 outlet, no vendor, and no Checkmarx statement corroborated it at the time, so it was carried as information-only pending confirmation. On 2026-05-11 Checkmarx published an official update acknowledging that a tampered plugin (version 2026.5.09) had been published to the Jenkins Marketplace, with an exposure window of 2026-05-09 01:25 UTC to 2026-05-10 08:47 UTC. The RegisterBleepingComputerSecurityWeek, and The Hacker News carried it the same day. This is the third TeamPCP compromise of Checkmarx in three months, and the malicious plugin was installed by several hundred Jenkins controllers. Last known-good build: 2.0.13-829.vc72453fa_1c16 (2025-12-17). Remediated builds (both 2026-05-09): 2.0.13-848.v76e89de8a_053 and 2.0.13-847.v08c0072b_2fd5.

The Mini Shai-Hulud TanStack wave

Takeaway: a self-spreading worm poisoned roughly 170 npm and PyPI packages, and the publishes came from TanStack's own trusted release pipeline.

Starting 2026-05-11 at 19:20 UTC, the worm published 84 malicious artifacts across 42 @tanstack npm packages in about six minutes, including @tanstack/react-router (roughly 12 million weekly downloads). It then propagated to Mistral AI, UiPath, OpenSearch, Guardrails AI, and roughly 170 packages across npm and PyPI, with combined cumulative downloads above 500 million. Primary technical disclosures came from Wiz and StepSecurity, with Snyk and BleepingComputer adding scope and counts. The tracking identifier is CVE-2026-45321 (CVSS 9.6 per The Hacker News; advisory GHSA-g7cv-rxg3-hmpx per Snyk; Wiz and StepSecurity did not assign a CVE). A reported operator error matters for defenders: per Wiz's 2026-05-13 update, the credential stealer is non-functional in the @uipath and @mistralai variants because the payload is reassembled incorrectly there, which limits the harvest from the largest non-TanStack targets.

Signed malware: the SLSA Build Level 3 first

Takeaway: this is the first documented npm supply chain attack shipping malware with valid SLSA Build Level 3 provenance, so "has provenance" no longer means "not malicious."

Per Wiz, StepSecurity, and Snyk, the malicious versions carried valid SLSA Build Level 3 provenance attestations. Analysts assess this is novel and material: the attacker never stole maintainer npm credentials. Instead the malicious versions were published by TanStack's legitimate release pipeline using its own trusted OIDC identity, so the provenance is genuine and proves only that TanStack's pipeline built the artifact, not that the artifact is safe. The practical consequence: provenance and attestation checks alone do not detect this class of attack. Pinning exact versions and verifying lockfile hashes against a known-good baseline are still required.

Destructive and persistent: a 1-in-6 wipe and AI-agent persistence

Takeaway: this wave added a sabotage payload and a developer-tool persistence mechanism not seen in earlier Mini Shai-Hulud waves.

BleepingComputer (Bill Toulas) reported a probabilistic sabotage mechanism with a 1-in-6 chance of running a recursive wipe on systems matching Israeli or Iranian locales, a new behavior class for this malware family. Expel reported that the worm injects persistence hooks into developer tooling, specifically .vscode/tasks.json and ~/.claude/settings.json, so it survives reboots on developer endpoints. Defenders in the affected regions should treat the wipe behavior as a credible data-loss risk, and all teams should inspect those two file locations on engineer machines.

This destructive, geopolitically-targeted behavior is not new to the campaign. The original TeamPCP campaign report documented a conditional wiper in the earlier CanisterWorm payload that checked whether the infected system's timezone was set to Iran or its default language was Farsi, and on a match attempted to destroy data, wiping Kubernetes clusters node by node, or the local machine if no cluster was found. The current mechanism is a different payload and uses a probabilistic 1-in-6 trigger rather than a deterministic locale check, but it continues the same documented pattern of region-targeted data destruction layered onto a credential-theft operation.

PCPJack: a rival worm evicting TeamPCP

Takeaway: the first publicly documented actor to hunt and remove TeamPCP before stealing credentials, assessed with moderate confidence as a former affiliate.

On 2026-05-07 SentinelLABS disclosed PCPJack, a cloud worm that scans for exposed Docker, Kubernetes, Redis, MongoDB, and RayML services, exploits five vulnerabilities for initial access (CVE-2025-29927 Next.js middleware authentication bypass, CVE-2025-55182 Next.js Server Actions deserialization, CVE-2026-1357 WPVivid arbitrary file upload, CVE-2025-9501 W3 Total Cache RCE, CVE-2025-48703 CentOS Web Panel command injection), then kills TeamPCP processes and removes TeamPCP artifacts before harvesting npm, GitHub, and cloud credentials. SentinelLABS assesses with moderate confidence that PCPJack may be operated by a former TeamPCP affiliate, based on tradecraft overlap with the December 2025 PCPCat phase. BleepingComputerSecurityWeek, and The Register covered it within 36 hours. A follow-up on 2026-05-13 continued the PCPJack story.

Monetization stays frozen: Vect and CipherForce

Takeaway: the affiliated extortion channels stayed inactive through the period, supporting the view that TeamPCP's ransomware monetization is impaired.

Direct fetches of the ransomware.live Vect tracker show the victim count unchanged at 25, with the most recent posting dated 2026-04-15, leaving Vect operationally quiet for roughly 32 days by 2026-05-15. CipherForce remained inactive at roughly 84 days, with 6 victims unchanged. Combined with the earlier Check Point disclosure of a cryptographic flaw in Vect 2.0, this reinforces the prior assessment that TeamPCP is currently monetizing through supply chain credential theft rather than affiliate ransomware.

Institutional response: NHS moved, CISA did not

Takeaway: a meaningful first government alert, against continued and now increasingly anomalous US federal silence.

NHS England Digital issued cyber alert cc-4781 on 2026-05-12, the first government advisory of the campaign to name the affected packages. Against that, the meaningful negatives still hold: CISA did not issue a standalone TeamPCP advisory, did not add CVE-2026-45321 to the Known Exploited Vulnerabilities catalog within the window, and has not named the operator. No Mandiant or Google Threat Intelligence Group named-actor product on the TanStack wave was published; technical attribution to TeamPCP rests on StepSecurity, Wiz, and Snyk. OpenAI published a corporate response titled "Our response to the TanStack npm supply chain attack".

How the TanStack compromise worked (short version)

The attacker did not steal npm credentials. They abused CI: a pull_request_target workflow ran fork-controlled code on a privileged GitHub Actions runner, GitHub Actions cache poisoning was staged through a renamed attacker fork, and the pipeline's OIDC token was extracted from runner process memory. The malicious package versions were then published by TanStack's own trusted release identity, which is why the provenance attestations are valid. Two staged attacker forks were used and should not be conflated: github[.]com/voicproducoes/router (created 2026-05-10, per StepSecurity) and github[.]com/zblgg/configuration (account zblgg, commits 2026-05-11 19:20 to 19:26 UTC, per Wiz and Snyk).

What defenders should do now

  • Inventory installs of @tanstack/* and the named packages (mistralai, guardrails-ai, @opensearch-project/opensearch, @uipath/, @squawk/mcp, @tallyui/) created during the compromise windows below; treat matching installs as suspect.
  • Rotate npm, GitHub, cloud provider, and CI/CD tokens that were exposed to affected CI runners.
  • Stop treating SLSA provenance or attestation as sufficient; pin exact versions and verify lockfile hashes against a known-good baseline.
  • Block and alert on the indicators below at egress, including the C2 IP and domain and the Session messenger exfiltration nodes.
  • Inspect developer endpoints for persistence in .vscode/tasks.json and ~/.claude/settings.json.
  • Audit GitHub Actions for pull_request_target running on forks and for cache-poisoning exposure.
  • For the Checkmarx Jenkins AST plugin, confirm you are on a remediated build (2.0.13-848.v76e89de8a_053 or 2.0.13-847.v08c0072b_2fd5) and not the tampered 2026.5.09.

Compromise time windows (for CI self-check)

  • Checkmarx Jenkins AST plugin tampered version exposure: 2026-05-09 01:25 UTC to 2026-05-10 08:47 UTC.
  • TanStack malicious npm publishes: 2026-05-11 19:20 UTC to 19:26 UTC; broader worm propagation across npm and PyPI continued through 2026-05-13.

Indicators of compromise

Type Indicator Notes
C2 IP 83.142.209.194 TanStack wave command and control (Wiz)
C2 domain git-tanstack[.]com TanStack wave command and control (Wiz, StepSecurity, Snyk)
Exfil node filev2[.]getsession[.]org Session messenger exfiltration (Wiz, StepSecurity, Snyk)
Exfil node seed1[.]getsession[.]org Session messenger exfiltration (Wiz, StepSecurity, Snyk)
Attacker fork github[.]com/voicproducoes/router Staged 2026-05-10 (StepSecurity)
Attacker fork github[.]com/zblgg/configuration Account zblgg, commits 2026-05-11 19:20 to 19:26 UTC (Wiz, Snyk)
File hash router_init.js SHA-256 ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c TanStack malicious payload (Wiz, StepSecurity, Snyk)
Plugin version Checkmarx Jenkins AST plugin 2026.5.09 Tampered build (Checkmarx)
Vulnerability CVE-2026-45321 TanStack compromise tracking ID, CVSS 9.6 (THN), GHSA-g7cv-rxg3-hmpx (Snyk)
Persistence .vscode/tasks.json~/.claude/settings.json Developer-tool persistence hooks (Expel)

Watch items

  • CISA action: a Known Exploited Vulnerabilities addition for CVE-2026-45321, a standalone TeamPCP advisory, or an emergency directive. The continued federal silence on a campaign of this profile is itself the watch item.
  • Attribution: a Mandiant or Google Threat Intelligence Group named-actor product on the TanStack wave (the operator is tracked as UNC6780); current technical attribution rests only on StepSecurity, Wiz, and Snyk.
  • Maintainer disclosures: postmortems or breach notifications from TanStack, Mistral AI, or Guardrails AI, including any SEC or privacy-law filings.
  • A formal Checkmarx postmortem naming TeamPCP, given this is the third Checkmarx compromise in three months.
  • Any verified wipe event, or a CERT-IL or CERT-IR advisory, tied to the locale-targeted destructive payload.
  • Any patched Vect 2.1 release fixing the disclosed Vect 2.0 cryptographic flaw, or a CipherForce return after the prolonged freeze.