Back to buckman's feed
📦Dependency ConfusionMicrosoft Security Blog

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft (opens in new tab)

Covers Active Supply Chain Attack Compromises @antv Packages on npmCovered by 4 sources See all sources covering this story including This Week In 4n6, DEV Community

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms. The post Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft appeared first on Microsoft Security Blog.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 4 articles

This Week In 4n6·

Week 21

Feeds
DEV Community·

The New Shape of Supply-Chain Trust

Discussed on DEV
Feeds
BadCyber·

IT Security Weekend Catch Up

Feeds
View all 4 ›

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help