submitted by pylapp to security
9 points | 1 comments
https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/#the-dead-mans-switch
Cross-posted from programming.dev/post/41331208
“Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.
The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming… This suggests it may be the same attacker behind the “Shai-Hulud” attack observed in September 2025.
And now, over 27,000 GitHub repositories were infected.”
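A defender-side check for the two indicators named in the quoted passage, as an added example that is not part of the original post or the GitLab write-up: it flags repositories whose description contains the quoted marker and self-hosted runners with the quoted name. The JSON is constructed sample data shaped like GitHub REST API responses, and the repository names are hypothetical.

```python
import json

# Indicators quoted in the post above (compared case-insensitively).
RUNNER_NAME = "SHA1HULUD"
# The quote ends in an ellipsis, so match this text as a substring only.
DESCRIPTION_MARKER = "Sha1-Hulud: The Second Coming"

# Constructed sample data: repository list entries and, per repository,
# a self-hosted runner listing ({"total_count": ..., "runners": [...]}).
SAMPLE_REPOS = json.loads("""[
  {"full_name": "example-org/web-app", "description": "Customer portal"},
  {"full_name": "example-user/x9f2k", "description": "Sha1-Hulud: The Second Coming."},
  {"full_name": "example-org/tools", "description": null}
]""")
SAMPLE_RUNNERS = json.loads("""{
  "example-org/web-app": {"total_count": 1,
    "runners": [{"id": 7, "name": "sha1hulud", "os": "linux"}]},
  "example-org/tools": {"total_count": 1,
    "runners": [{"id": 3, "name": "build-01", "os": "linux"}]}
}""")


def audit(repos, runners_by_repo):
    """Return sorted (repo, reason) findings for the two indicators."""
    findings = []
    for repo in repos:
        # The API returns null for repositories without a description.
        desc = (repo.get("description") or "").casefold()
        if DESCRIPTION_MARKER.casefold() in desc:
            findings.append((repo["full_name"], "description"))
    for full_name, payload in runners_by_repo.items():
        for runner in payload.get("runners", []):
            name = (runner.get("name") or "").casefold()
            if name == RUNNER_NAME.casefold():
                findings.append((full_name, f"runner id {runner['id']}"))
    return sorted(findings)


if __name__ == "__main__":
    for repo, reason in audit(SAMPLE_REPOS, SAMPLE_RUNNERS):
        print(f"{repo}: {reason}")
```

A hit on either indicator means the credentials reachable from that account or machine should be treated as exposed and rotated, since the quoted passage describes token and cloud-credential theft.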