All news with #github tag

Exposed GitHub PATs Enable Access to Cloud Secrets

🔒 Recent research from the Wiz Customer Incident Response Team shows attackers are using exposed GitHub Personal Access Tokens (PATs) to retrieve GitHub Action Secrets and pivot into cloud environments. A read-level PAT can leverage GitHub’s API code search to locate secret references like "${{ secrets.SECRET_NAME }}" — and because those search API calls are not logged, discovery is stealthy. Once obtained, cloud provider credentials let attackers spin up resources, exfiltrate data, install malware, or persist while often evading detection. Organizations should treat PATs as privileged credentials: enforce expiration and rotation, remove cloud secrets from workflows, apply least privilege, and improve monitoring and developer training.

Microsoft Patch Tuesday — December 2025 Security Fixes

🛡️ Microsoft released its final Patch Tuesday of 2025, addressing 56 vulnerabilities including one actively exploited zero-day, CVE-2025-62221, and two publicly disclosed bugs. The zero-day is a privilege escalation in the Windows Cloud Files Mini Filter Driver, a core component used by cloud sync services such as OneDrive. Three flaws received Microsoft’s Critical rating, including two Office bugs exploitable via Outlook’s Preview Pane. Administrators should prioritize updates for the flagged privilege escalation issues and apply patches promptly.

Shai-Hulud 2.0: Detecting and Defending Supply-Chain Attacks

🛡️ The Shai-Hulud 2.0 campaign is a widescale npm supply-chain compromise that injects malicious preinstall scripts to execute a bundled Bun runtime and harvest cloud credentials. Microsoft Defender observed attackers installing GitHub Actions runners named SHA1HULUD, using TruffleHog to locate secrets, and exfiltrating stolen credentials to public repositories. The guidance outlines detections, hunting queries, and prioritized mitigations for developers, maintainers, and cloud defenders.

December 2025 Patch Tuesday: One Zero-Day, 57 CVEs Addressed

🔔 Microsoft’s December 2025 Patch Tuesday addresses 57 CVEs, including one actively exploited Important zero‑day in the Windows Cloud Files Mini Filter Driver and two publicly disclosed Important zero‑days impacting GitHub Copilot for JetBrains and PowerShell. Two Critical RCE flaws in Microsoft Office increase urgency for enterprise patching and remediation. Organizations should prioritize applying Microsoft fixes, adopt layered mitigations where patches are delayed, and use CrowdStrike Falcon dashboards to track affected assets and remediation progress.

IAM Policy Autopilot: Open-source IAM Policy Generator

🔧 IAM Policy Autopilot is an open-source static analysis tool that generates baseline AWS IAM identity-based policies by analyzing application code locally. Available as a CLI and an MCP server, it integrates with MCP-compatible AI coding assistants to produce syntactically correct, dependency-aware policies and to troubleshoot Access Denied errors. The tool favors functionality during initial deployments and recommends reviewing and tightening generated policies to meet least-privilege principles as applications mature.

AI Agents in CI/CD Can Be Tricked into Privileged Actions

⚠️ Researchers at Aikido Security discovered that AI agents embedded in CI/CD workflows can be manipulated to execute high-privilege commands by feeding user-controlled strings (issue bodies, PR descriptions, commit messages) directly into prompts. Workflows pairing GitHub Actions or GitLab CI/CD with tools like Gemini CLI, Claude Code, OpenAI Codex or GitHub AI Inference are at risk. The attack, dubbed PromptPwnd, can cause unintended repository edits, secret disclosure, or other high-impact actions; the researchers published detection rules and a free scanner to help teams remediate unsafe workflows.

Shai-Hulud 2.0 NPM malware exposed 400,000 developer secrets

🔒 Wiz researchers say the second Shai-Hulud NPM malware wave infected hundreds of packages and exposed roughly 400,000 raw secrets across some 30,000 GitHub repositories. Although TruffleHog verified about 10,000 secrets, Wiz found over 60% of leaked NPM tokens still valid as of Dec 1, leaving active credentials at risk. The payload propagated via the preinstall event (node setup_bun.js), affected over 800 package versions, and included a conditional destructive home-directory wipe. A small number of packages — notably @postman/tunnel-agent@0.6.7 and @asyncapi/specs@6.8.3 — represented the bulk of infections, indicating targeted mitigation could have sharply reduced impact.

Full-Stack NPM Supply-Chain Attack Targets Developers

🛡️ Socket researchers detail a sophisticated NPM supply-chain campaign that uses fake coding interviews to trick developers into installing trojanized packages. Attackers operate a

Shai-Hulud v2 Supply-Chain Campaign Hits Maven Central

⚠️ The second wave of the Shai-Hulud supply-chain attack has moved from npm into the Maven ecosystem after researchers found org.mvnpm:posthog-node:4.18.1 embedding the same setup_bun.js loader and bun_environment.js payload. The artifact was rebundled via an automated mvnpm process and was not published by PostHog; mirrored copies were purged from Maven Central on Nov 25, 2025. The campaign steals API keys, cloud credentials and npm/GitHub tokens by backdooring developer environments and injecting malicious GitHub workflows, affecting thousands of repositories.

Shai-Hulud 2.0: Inside a Major npm Supply-Chain Attack

🧨 Check Point Research details the Shai-Hulud 2.0 campaign, a rapid and extensive npm supply-chain attack observed in November 2025. Between 21–23 November attackers compromised hundreds of npm packages and over 25,000 GitHub repositories by abusing the npm preinstall lifecycle script to execute payloads before installation completed. The report outlines techniques, scale, and practical mitigations to help organizations protect development pipelines.

Shai-Hulud 2.0 Worm Spreads Through npm and GitHub

⚠️ Researchers at Wiz, JFrog and others are tracking a renewed campaign of the Shai‑Hulud credentials‑stealing worm spreading through the npm registry and GitHub. The new Shai‑Hulud 2.0 executes during the preinstall phase, exfiltrates developer and CI/CD secrets to randomized repositories, and injects malicious payloads into other packages. Widely used modules, including @asyncapi/specs, Zapier, Postman and others, have been compromised, prompting immediate remediation steps for affected developers and organizations.

Second Sha1-Hulud npm Wave Hits 25,000+ Repositories

⚠ Multiple security vendors report a second Sha1-Hulud campaign that has trojanized hundreds of npm packages and affected over 25,000 repositories. The attack leverages a preinstall script ("setup_bun.js") to install or locate the Bun runtime and execute a bundled payload ("bun_environment.js") that harvests credentials. The malware registers hosts as self-hosted GitHub runners named "SHA1HULUD", drops a vulnerable workflow (.github/workflows/discussion.yaml) to run arbitrary commands via repository discussions, exfiltrates secrets as artifacts, and then removes traces; when exfiltration fails it can attempt destructive wiping of the user home directory.

AWS CloudWatch Application Signals adds GitHub Action

🔍 AWS announced general availability of a new Application Observability for AWS GitHub Action and enhancements to the CloudWatch Application Signals MCP server that embed observability into developer workflows. Developers can now request trace-aware diagnostics inside GitHub — for example by mentioning @awsapm in Issues — and receive intelligent, observability-based responses without switching consoles. The MCP server updates also let AI coding agents (such as Kiro) identify the exact file, function, and line causing latency or errors and provide or modify OTel-based instrumentation guidance for CDK or Terraform across ECS, EKS, Lambda, and EC2.

Hidden Risks in DevOps Stacks and Data Protection Strategies

🔒 DevOps platforms like GitHub, GitLab, Bitbucket, and Azure DevOps accelerate development but also introduce data risks from misconfigurations, exposed credentials, and service outages. Under the SaaS shared responsibility model, customers retain liability for protecting repository data and must enforce MFA, RBAC, and tested backups. Third-party immutable backups and left-shifted security practices are recommended to mitigate ransomware, insider threats, and accidental deletions.

Microsoft Foundry: Modular, Interoperable Secure Agent Stack

🔧 Microsoft today expanded Foundry, its platform for building production AI apps and agents, with new models, developer tools, and governance controls. Key updates include broader model access (Anthropic, Cohere, NVIDIA), a generally available model router, and public previews for Foundry IQ, Agent Service features (hosted agents, memory, multi-agent workflows), and the Foundry Control Plane. Foundry Tools and Foundry Local bring real-time connectors and edge inference, while Managed Instance on Azure App Service eases .NET cloud migrations.

Job-test malware campaign shifts to public JSON dropboxes

🔎 The Contagious Interview campaign is delivering trojanized coding tests that fetch heavily obfuscated JavaScript from public JSON-storage services such as JSON Keeper, JSONSilo, and npoint.io. When executed in a Node.js test run the payloads decode and install the BeaverTail infostealer and then stage the InvisibleFerret RAT. NVISO Labs warns attackers are abusing developer trust and legitimate platforms and recommends sandboxing, auditing config files, and blocking suspicious outbound requests.

North Korean Hackers Use JSON Services for Malware

⚠️ NVISO researchers report that North Korean threat actors behind the Contagious Interview campaign are using public JSON storage services to stage and deliver malware. The attackers lure prospective victims—often developers—via LinkedIn with fake assessments or collaboration requests and host trojanized demo projects on code repositories. These projects point to obfuscated payloads on JSON Keeper, JSONsilo, and npoint.io that deploy a JavaScript loader BeaverTail which in turn drops a Python backdoor InvisibleFerret.

Typosquatted npm Package Targets GitHub Actions Builds

⚠️ A malicious npm package, @acitons/artifact, impersonated the legitimate @actions/artifact module and was uploaded on November 7 to specifically target GitHub Actions CI/CD workflows. It included a post-install hook that executed an obfuscated shell-script named "harness," which fetched a JavaScript payload (verify.js) to detect GitHub runners and exfiltrate build tokens. Using those tokens the attacker could publish artifacts and impersonate GitHub; the package accrued over 260,000 downloads across six versions before detection.

Malicious npm Package Typosquats GitHub Actions Artifact

🔍 Cybersecurity researchers uncovered a malicious npm package, @acitons/artifact, that typosquats the legitimate @actions/artifact package to target GitHub-owned repositories. Veracode says versions 4.0.12–4.0.17 included a post-install hook that downloaded and executed a payload intended to exfiltrate build tokens and then publish artifacts as GitHub. The actor (npm user blakesdev) removed the offending versions and the last public npm release remains 4.0.10. Recommended actions include removing the malicious versions, auditing dependencies for typosquats, rotating exposed tokens, and hardening CI/CD supply-chain protections.

GlassWorm Resurfaces in VS Code Extensions and GitHub

🐛 Researchers have found a renewed wave of the GlassWorm supply-chain worm targeting Visual Studio Code extensions and GitHub repositories after it was previously declared contained. The malware hides JavaScript payloads in undisplayable Unicode characters, making malicious code invisible in editors, and uses blockchain memos on Solana to publish remote C2 endpoints. Koi researchers identified three newly compromised OpenVSX extensions and observed credential theft and AI-styled commits used to propagate the worm.