Intelligence Feed

Latest threat intelligence articles from trusted security sources, auto-processed to extract entities, IoCs, and TTPs.

GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts

1h ago · socket-dev

GitHub has released actions/checkout v7 to mitigate a long-standing supply chain risk in GitHub Actions where privileged workflows using pull_request_target could execute attacker-controlled code from untrusted pull requests. These workflows run with elevated permissions, including access to secrets and tokens, and previously allowed malicious actors to steal credentials or publish malicious packages. The update blocks unsafe checkouts by default, particularly those pulling code from forked pull requests in high-privilege contexts. This change addresses a known attack pattern exploited in recent incidents involving Nx, PostHog, and TanStack.

The Code You Didn't Write Is Still Yours to Defend

1h ago · socket-dev

The article discusses the growing risk of software supply chain attacks in the era of AI-powered development, where AI agents autonomously pull and execute unvetted open source packages outside traditional security monitoring. These agents operate in blind spots, such as ephemeral sandboxes, where no scanning or registry controls exist. The speed of modern attacks—often exploiting vulnerabilities within hours of disclosure—exceeds traditional response timelines, rendering forensic-focused defenses ineffective. Proactive governance at the point of package ingestion, supported by real-time threat intelligence, is presented as a necessary defense.

Frontier AI Is Now Critical Infrastructure

1h ago · socket-dev

The U.S. government abruptly suspended global access to Anthropic's AI models, Claude Fable 5 and Mythos 5, citing national security risks following jailbreaks and unauthorized vulnerability discoveries in federal systems. The models, used for automated code analysis, were deemed a supply chain risk, prompting a federal blackout and export controls under ECRA. The shutdown highlights the growing classification of advanced AI as critical infrastructure, with significant implications for enterprise dependency and national cybersecurity policy.

Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem

1h ago · socket-dev

A new wave of the Miasma Mini Shai-Hulud supply chain attack has compromised npm packages under LeoPlatform and RStreams, as well as a Go module associated with Verana Blockchain. The campaign uses malicious binding.gyp files in npm packages to trigger JavaScript execution during installation, stages payloads via Bun, and targets developer environments, CI/CD pipelines, and GitHub Actions for credential theft. It also spreads through poisoned repositories and source configurations, with persistence mechanisms targeting AI coding assistants and IDEs. The activity overlaps with prior incidents involving the same malware family and operational markers like 'RevokeAndItGoesKaboom'.

37 IoCs · 1 Malware

Rolldown Pulls Rust React Compiler Integration After Binary Size Increase

1h ago · socket-dev

The Rolldown and Vite projects withdrew a Rust-based React Compiler integration due to a 17% increase in binary size, raising concerns about framework-specific bloat in otherwise agnostic tools. The integration, funneled through the Oxc project, aimed to improve build performance but faced criticism for imposing costs on all users regardless of React usage. The debate highlights a broader tension in frontend tooling between performance gains from native Rust integrations and the overhead of larger binaries, with potential implications for other frameworks like Vue, Svelte, and Angular.

Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages

1h ago · socket-dev

The Miasma Mini Shai-Hulud supply chain campaign has expanded to compromise legitimate @immobiliarelabs npm packages, specifically Backstage plugins for GitLab and LDAP authentication. Malicious versions were published on June 26, 2026, using a hidden root-level index.js to execute a multi-stage payload that steals developer and CI/CD secrets, including tokens, SSH keys, and cloud credentials. The attack leverages GitHub Actions deployment triggers and may have originated from a compromised third-party GitHub Action, codfish/semantic-release-action, enabling further propagation through poisoned workflows and exfiltration to attacker-controlled repositories.

71 IoCs

Chrome and Firefox Extensions Posing as Free VPNs Add Clipboard Stealers via Malicious Updates

1h ago · socket-dev

Malicious Chrome and Firefox browser extensions branded as 'VPN Go: Free VPN' have been distributing clipboard-stealing malware through staged updates. Initially appearing as legitimate free VPN tools, the extensions later added functionality to monitor and exfiltrate clipboard data, including passwords, API keys, and cryptocurrency addresses. The stolen data is sent to hardcoded IP addresses using HTTP GET requests with chunked encoding and session identifiers. Both extensions use obfuscated JavaScript and share infrastructure, indicating a coordinated campaign targeting user privacy under the guise of security.

11 IoCs

Risky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain Security

1h ago · socket-dev

The article discusses a surge in software supply chain attacks, where threat actors compromise popular open source packages and leverage trusted development workflows to distribute malicious code. The rise of AI coding agents exacerbates the risk by automatically pulling in dependencies without sufficient review, increasing the speed and scale of potential compromise. Attackers are targeting development tools such as package registries, IDE extensions, and source repositories, often evading traditional security measures.

AI Threat Readiness Pillar 4: Detect and contain threats in real-time

1h ago · wiz

The article discusses the evolving threat landscape in the AI era, emphasizing the need for real-time detection and containment of threats that leverage AI-driven techniques such as prompt injection, supply chain abuse, and exploitation of cloud-native AI services. Traditional detection methods are insufficient due to limited visibility, high false positive rates, and slow manual response times. Wiz addresses these challenges by providing comprehensive telemetry across cloud, workload, identity, and AI model layers, enabling automated investigation with the Blue Agent and rapid containment via orchestrated workflows.

How AI Is Rewriting the SecOps Playbook

1h ago · wiz

AI is transforming both offensive and defensive cybersecurity operations by accelerating software development and exploit creation. Attackers are leveraging AI to shorten exploitation timelines, challenging the traditional assumption that defenders have time to respond. Defenders can gain an advantage by using AI to maintain continuous, context-rich understanding of their environments across cloud, workload, and model layers, enabling faster and more accurate incident response.

Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signals

1h ago · wiz

Wiz introduces runtime signals in its Security Graph to uncover hidden attack paths in cloud environments by correlating live network connections with existing risk findings. This new capability reveals previously invisible threats, such as internet-facing AI chatbots with vulnerabilities that actively connect to external MCP servers or sensitive data stores. By integrating real-time telemetry from workloads, Wiz identifies complete, validated attack paths—like a vulnerable container with a live connection to an S3 bucket containing PII—enabling security teams to prioritize and remediate critical risks before exploitation.

MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension

1h ago · wiz

Wiz Research discovered a high-severity vulnerability (CVE-2026-12957) in the Amazon Q Developer Extension for VS Code that allowed arbitrary code execution and cloud credential theft when a developer opened a malicious repository. The vulnerability stemmed from the extension automatically loading and executing MCP server configurations from workspace files without user consent. Combined with full environment inheritance, this enabled immediate execution of malicious commands with access to cloud credentials, posing a significant risk to developers and cloud environments.

2 IoCs

The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL API

1h ago · wiz

The Red Agent, an autonomous AI-powered security testing tool, discovered a critical Broken Object-Level Authorization (BOLA) vulnerability in an airline's public GraphQL booking API. By exploiting sequential integer identifiers without backend authorization checks, the agent gained unauthenticated access to sensitive passenger data, including personal information, contact details, billing addresses, and active flight itineraries. The vulnerability allowed full read and write capabilities, enabling data exfiltration and unauthorized modifications to bookings, demonstrating a systemic authorization flaw in the API's resolver layer.

1 IoC

The Borderless Attack Surface: Securing Public Sector Hybrid Environments

1h ago · wiz

The article discusses the growing complexity of securing hybrid cloud environments within the U.S. public sector, where interconnected systems expand the attack surface. It highlights how traditional, siloed security tools fail to provide context-aware risk assessment, leading to inefficient remediation. Wiz Exposure Management (Wiz XM) is presented as a solution that unifies on-premises and cloud telemetry to prioritize real, exploitable risks by correlating vulnerabilities with network exposure and mission impact.

Bridging the Visibility Gap: A Unified Security Operating Model for Hybrid Cloud Teams

1h ago · wiz

The article discusses Wiz's expansion of its security platform to support hybrid cloud environments, introducing the Sensor Workload Scanner (WLS) for on-premise infrastructure. It emphasizes unified risk visibility across cloud and on-premise systems, enabling security teams to detect attack paths such as exposed credentials and vulnerable workloads. The solution integrates runtime threat detection, attack surface management, and automated remediation to prioritize real, exploitable risks over isolated vulnerabilities.

Start Secure in the AI Era: Accelerating AI Threat Readiness with WizOS

1h ago · wiz

The article discusses the growing threat of AI-driven exploitation, where frontier AI models can autonomously discover vulnerabilities and generate exploits, drastically reducing the window for response. It emphasizes the importance of minimizing attack surface and improving response times, particularly through the use of hardened container base images. WizOS is introduced as a solution to reduce CVE exposure, mitigate supply chain risks, and accelerate mean time to remediate (MTTR) through automation and integration with AI coding agents.

Breaking Down the White House’s Actions on Post-Quantum Cryptography Readiness

1h ago · wiz

The White House has issued Executive Order 14409 and the OMB released memorandum M-26-15 to accelerate federal agency migration to post-quantum cryptography (PQC) due to emerging threats from quantum computing. The initiative mandates strict timelines for transitioning High Value Assets and High Impact Systems to NIST-approved PQC standards by 2030–2035, with a focus on risk-based prioritization, automation, and cryptographic inventory management. The effort extends to government contractors and critical infrastructure, requiring compliance with PQC standards and integration into cloud modernization efforts to mitigate 'Harvest Now, Decrypt Later' risks.

Build AI Security Agents with Wiz MCP

1h ago · wiz

The article introduces Wiz MCP, a platform enabling AI-driven security workflows by connecting AI assistants and custom agents to the Wiz Security Graph. It allows security teams to automate tasks such as vulnerability triage, threat investigation, and compliance monitoring using trusted context and predefined security skills. The focus is on enhancing AI-powered security operations rather than reporting active cyber threats or adversary activity.

Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat

2w ago · step-security

On June 17, 2026, a supply chain attack compromised the @mastra npm organization, resulting in 140+ packages being backdoored through the malicious dependency easy-day-js@1.11.22. This package, a typosquat of the legitimate 'dayjs' library, contained an obfuscated postinstall dropper that fetched and executed a second-stage payload from attacker-controlled infrastructure. The attack targeted high-value AI development environments, aiming to harvest sensitive credentials such as API keys and cloud tokens, with over 1.1 million weekly downloads exposed.

11 IoCs

codfish/semantic-release-action GitHub Action has been compromised

3d ago · step-security

On June 24, 2026, the codfish/semantic-release-action GitHub Action was compromised via a force-push to a malicious commit, which redirected multiple version tags to execute attacker-controlled code. The malicious payload steals GitHub OIDC and Personal Access Tokens, uses GitHub API commit messages as a C2 channel, and propagates by poisoning AI coding assistant configurations and publishing malicious packages to npm, PyPI, and RubyGems. It also performs lateral movement via SSH and evades detection by using legitimate GitHub infrastructure for exfiltration.

11 IoCs

simonecorsi/mawesome GitHub Action has been compromised

3d ago · step-security

On June 24, 2026, the simonecorsi/mawesome GitHub repository was compromised by an attacker who force-pushed malicious commits and repointed several version tags to execute attacker-controlled code within GitHub Actions runners. This allowed the attacker to potentially gain access to any workflow running against the affected tags. The attack resembles a prior compromise of the codfish/semantic-release-action repository.

2 IoCs

Maven Support Comes to GitHub Checks and OSS Package Search

3d ago · step-security

The Java ecosystem is increasingly targeted by supply chain attacks, as demonstrated by the Shai-Hulud worm's second wave and a malicious lookalike of the Jackson JSON library published to Maven Central. These attacks leverage compromised or freshly published dependencies to deliver payloads such as Cobalt Strike, exploiting the window between publication and detection. Traditional vulnerability scanners are often too slow to respond, making real-time protection critical. StepSecurity now extends its Maven support to GitHub Checks and OSS Package Search to block compromised and newly published malicious Java dependencies during pull requests.

1 IoC · 2 Malware

Multiple @immobiliarelabs Backstage Plugins Compromised on npm

3d ago · step-security

Multiple npm packages maintained by Immobiliare Labs were compromised on June 26, 2026, with malicious versions published across all major release lines simultaneously. The backdoored packages execute a credential-stealing payload during installation via a binding.gyp node-gyp hook, bypassing traditional postinstall detection. The payload harvests secrets from CI/CD environments, cloud providers, and package registries, and attempts persistence in AI coding assistant configurations. This activity is linked to the Miasma campaign, known for supply chain worm behavior and evasion techniques using the Bun runtime.

25 IoCs

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

1mo ago · google-project-zero

Google Project Zero discovered a 0-click exploit chain targeting the Google Pixel 10, leveraging a modified version of a previously known Dolby vulnerability (CVE-2025-54957) and a new kernel vulnerability in the VPU driver. The VPU driver exposes MMIO register mappings without proper bounds checking, allowing arbitrary physical memory mapping and kernel memory modification from userspace. This enables trivial privilege escalation to kernel code execution. The vulnerability was reported in November 2025 and patched in the February 2026 Pixel security bulletin, marking improved triage response from Android.

1 IoC

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

2d ago · hacker-news

North Korean threat actors have been linked to a software supply chain attack involving malicious npm packages that impersonate legitimate Rollup polyfill tools. The packages, such as 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core', install secondary-stage malicious dependencies to steal developer secrets and enable remote access. The malware evades analysis environments, exfiltrates credentials, and supports interactive command execution, targeting developer workstations and CI/CD systems. This activity mirrors previous Lazarus-linked campaigns exploiting npm for credential theft.

15 IoCs · 2 Malware

Flipper Zero firmware development continues with community help

2h ago · bleeping-computer

Flipper Devices has announced a shift in its firmware development strategy for the Flipper Zero, transitioning to a community-driven model with a reduced internal team. While official firmware maintenance will continue, full-time feature development has ended, and future updates will depend on community contributions reviewed by the core team. The company aims to focus on new hardware like the Flipper One and Busy Bar, while leveraging community input to sustain the Flipper Zero platform. This change follows user backlash over perceived abandonment of firmware development.

Secure Registry now tells you which machine pulled a compromised package

3d ago · step-security

On June 17, 2026, an attacker compromised the @mastra npm organization and introduced a typosquatted package, easy-day-js, into over 140 packages in the Mastra AI framework ecosystem. The malicious package executed an obfuscated postinstall dropper that retrieved a second-stage payload from an attacker-controlled server before deleting itself. This supply chain attack exposed more than 1.1 million weekly downloads, highlighting the need for rapid incident response and source attribution to determine affected systems.

3 IoCs

10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions

3d ago · step-security

In March 2026, the threat actor TeamPCP compromised 76 version tags of the aquasecurity/trivy-action GitHub Action by injecting a credential stealer, exploiting elevated privileges to harvest secrets from memory and exfiltrate them to a malicious domain. The same actor targeted other platforms including PyPI packages litellm and telnyx, and previously compromised the Checkmarx KICS GitHub Action using similar tactics. These supply chain attacks highlight a broader trend of targeting CI/CD pipelines to steal credentials and cloud tokens. The attacks leveraged typosquatted domains and memory scraping techniques, underscoring the need for layered defenses in GitHub Actions environments.

2 IoCs · 1 Actor · 1 CVE

StepSecurity Maintained Actions Are Now Free for Public Repos

2d ago · step-security

In March 2025, the tj-actions/changed-files GitHub Action, used by over 23,000 repositories, was compromised in a supply chain attack that exfiltrated CI/CD secrets via malicious code injected through tampered version tags. StepSecurity detected the incident using its Harden-Runner tool and provided a secure, drop-in replacement, step-security/changed-files, which has since been adopted by thousands of projects. This event highlighted the risks of relying on unmaintained third-party GitHub Actions and led StepSecurity to make its catalog of 500+ maintained, security-hardened actions freely available for public repositories to improve overall CI/CD security across the open-source ecosystem.

2 IoCs · 1 CVE