Hacker News | varunsharma07's comments

Mastra is an open-source TypeScript framework for building AI agents, workflows, and RAG pipelines.

The StepSecurity Threat Intelligence Team has identified that multiple mastra npm packages have been compromised.


On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote every git tag across multiple popular Composer packages within a single 15 minute window.


@mistralai/mistralai npm package was also compromised as part of this worm https://github.com/mistralai/client-ts/issues/217

It has been pulled from the npm registry now.


The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking its spread across the ecosystem in real time.


How did you guys detect it? Do you use it internally or do you monitor popular packages?


We have built an AI Package Analyst https://app.stepsecurity.io/oss-security-feed and also monitor them using https://github.com/step-security/harden-runner for runtime behavior.


The StepSecurity threat intelligence team discovered that dev-protocol — a verified GitHub organization with 568 followers belonging to a legitimate Japanese DeFi project — has been hijacked and is now being used to distribute malicious Polymarket trading bots.


An attacker is compromising hundreds of GitHub accounts and injecting identical malware into hundreds of Python repositories. The earliest injections date to March 8, 2026, and the campaign is still active with new repos continuing to be compromised.


The root cause is workflows that grant trust to untrusted inputs: pull_request_target that checks out and executes fork code with repo secrets, ${{ }} expressions that interpolate branch names/filenames into shell commands unsanitized, and issue_comment triggers with no author_association check.

These attacks only work when maintainers opt into dangerous patterns without guardrails.
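Added example (not StepSecurity's code and not from any project named here): a first-pass scanner for the three patterns in the comment above. It works on raw workflow YAML text with line-based heuristics rather than a YAML parser, so it needs no third-party package; the two sample workflows are constructed, one showing the dangerous pattern and one the guarded form (base-branch checkout, untrusted values passed through env, author_association gate).

```python
"""Heuristic GitHub Actions workflow scanner for three trust-boundary mistakes.

Added example, not StepSecurity's or any project's code. Line-based heuristics
over raw YAML text (no PyYAML dependency); sample workflows below are constructed.
"""
import re

# Expression contexts an outside contributor controls from a fork PR, issue or
# comment. Interpolating these directly into `run:` is shell injection.
UNTRUSTED_CTX = re.compile(
    r"\$\{\{[^}]*github\.(event\.(pull_request|issue|comment|review)\.[\w.]*|head_ref)[^}]*\}\}"
)
RUN_LINE = re.compile(r"^(\s*)(- )?run:\s*(.*)$")
# actions/checkout pointed at the PR head under pull_request_target.
HEAD_CHECKOUT = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}"
)


def _top_level_section(lines, key_pattern):
    """Return the text of one top-level YAML mapping entry (heuristic)."""
    out, inside = [], False
    for line in lines:
        if re.match(key_pattern, line):
            inside = True
            out.append(line)
            continue
        if inside:
            if line.strip() and not line[0].isspace():
                break  # reached the next top-level key
            out.append(line)
    return "\n".join(out)


def scan_workflow(text: str) -> list[str]:
    """Return human-readable findings; an empty list means none of the three patterns."""
    lines = text.splitlines()
    findings = []
    triggers = _top_level_section(lines, r'^("on"|on|true):')

    # 1. pull_request_target + checkout of the PR head: fork code runs with repo secrets.
    if re.search(r"\bpull_request_target\b", triggers) and HEAD_CHECKOUT.search(text):
        findings.append("pull_request_target checks out the PR head: fork code runs with repo secrets")

    # 2. Untrusted expression interpolated inside a shell step (inline or `run: |` block).
    block_indent = None
    for n, line in enumerate(lines, 1):
        if block_indent is not None:
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= block_indent:
                block_indent = None  # left the multi-line run block; re-examine this line
            elif UNTRUSTED_CTX.search(line):
                findings.append(f"line {n}: untrusted context inside run: {line.strip()}")
                continue
            else:
                continue
        m = RUN_LINE.match(line)
        if m:
            if UNTRUSTED_CTX.search(m.group(3)):
                findings.append(f"line {n}: untrusted context inside run: {line.strip()}")
            if m.group(3).strip() in ("|", ">", "|-", ">-"):
                block_indent = len(m.group(1)) + (2 if m.group(2) else 0)

    # 3. Comment-triggered workflow with no author_association gate anywhere.
    if re.search(r"\b(issue_comment|pull_request_review_comment)\b", triggers) \
            and "author_association" not in text:
        findings.append("issue_comment trigger without an author_association check")
    return findings


# Constructed sample: all three patterns present.
VULNERABLE = """\
name: pr-check
on:
  pull_request_target:
  issue_comment:
    types: [created]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: lint
        run: |
          echo "Checking ${{ github.head_ref }}"
          npm ci && npm test
      - run: echo "${{ github.event.comment.body }}"
"""

# Constructed sample: same triggers, guarded. Base branch is checked out, untrusted
# values reach the shell only via env vars, and comments are gated on author role.
HARDENED = """\
name: pr-check
on:
  pull_request_target:
  issue_comment:
    types: [created]
permissions:
  contents: read
jobs:
  build:
    if: github.event_name != 'issue_comment' || contains(fromJSON('["OWNER","MEMBER"]'), github.event.comment.author_association)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: lint
        env:
          HEAD_REF: ${{ github.head_ref }}
          COMMENT: ${{ github.event.comment.body }}
        run: |
          echo "Checking $HEAD_REF"
          echo "$COMMENT"
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, scan_workflow(wf) or "clean")
```

The scanner is deliberately conservative about what it calls untrusted: `${{ }}` in an `env:` mapping is fine because the value arrives in the shell as data, so only expressions that land inside `run:` text are flagged. A real linter would parse the YAML and also check `permissions:` and pinned action SHAs; this shows just the three patterns the comment names.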


We analyzed an autonomous bot (hackerbot-claw) that's actively scanning GitHub repos for exploitable Actions workflows. It hit Microsoft, DataDog, a CNCF project, and awesome-go (140k stars), achieving RCE in 4 out of 5 targets and exfiltrating a GITHUB_TOKEN. Full breakdown of the 5 attack techniques with evidence.


I think it says something about the current focus and mindset that this got 12 upvotes, despite you having posted it three times.

We also care about security for CI and production workloads (actuated/slicervm). I would have liked to have seen more people becoming aware of this, and taking action.

The CLAUDE_CODE_OAUTH_TOKEN exfil is interesting. When our code review bot runs, it thinks it has a valid LLM token, but it's a dummy API key that's replaced through MITM on egress. (Not a product, just something we've found very valuable internally.)

https://blog.alexellis.io/ai-code-review-bot/
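Added example modelling the approach the comment above describes (placeholder key in the workload, real key swapped in at the egress proxy); it is not alexellis's code and says nothing about how their setup is built. The host allowlist, the placeholder string and the real key are all constructed values.

```python
"""Egress-side credential substitution: the workload never holds the real key.

Added example, not code from the page's author. PLACEHOLDER is what the bot is
handed; REAL_KEYS live only in the egress proxy. Hostnames and keys are constructed.
"""
from urllib.parse import urlparse

PLACEHOLDER = "sk-placeholder-not-a-real-key"
# Real credential per allowlisted API host; this table lives in the proxy only.
REAL_KEYS = {"api.anthropic.com": "sk-ant-REAL-constructed"}
REDACTED = "[placeholder-redacted]"


def rewrite_outbound(url: str, headers: dict) -> tuple[str, dict]:
    """Return (url, headers) as the proxy would forward them.

    The placeholder is swapped for the real key only on HTTPS requests to an
    allowlisted host. Anywhere else (an exfil endpoint, a plain-HTTP URL) the
    placeholder is blanked, so a stolen "token" is worthless to the attacker.
    """
    parsed = urlparse(url)
    host = parsed.hostname or ""
    trusted = parsed.scheme == "https" and host in REAL_KEYS
    replacement = REAL_KEYS[host] if trusted else REDACTED

    new_headers = {k: v.replace(PLACEHOLDER, replacement) for k, v in headers.items()}
    # Some APIs accept the key in the query string; apply the same rule there.
    new_url = url.replace(PLACEHOLDER, replacement)
    return new_url, new_headers


def was_real_key_released(url: str, headers: dict) -> bool:
    """True only if the forwarded request carries a real key (i.e. host was trusted)."""
    new_url, new_headers = rewrite_outbound(url, headers)
    blob = new_url + " ".join(new_headers.values())
    return any(key in blob for key in REAL_KEYS.values())


if __name__ == "__main__":
    # Legitimate call from the review bot: key is filled in.
    print(rewrite_outbound("https://api.anthropic.com/v1/messages",
                           {"x-api-key": PLACEHOLDER}))
    # Compromised dependency phoning home with "the token": gets nothing usable.
    print(rewrite_outbound("https://exfil.example/collect",
                           {"Authorization": "Bearer " + PLACEHOLDER}))
```

The useful property is that the workload's environment, logs and memory never contain the real credential, so a worm that dumps env vars or process memory, as the campaigns on this page do, only recovers the placeholder; the proxy's allowlist is what decides where the real key may go.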


cline@2.3.0 was published with a malicious post-install script that silently installs OpenClaw on any machine running npm install.


A case study on detecting npm supply chain attacks through runtime monitoring and baseline anomaly detection

