Random in Security is a summary of the cybersecurity news.
Interesting Reads
Mini Shai-Hulud Worms Through TanStack npm Packages
TeamPCP’s self-propagating malware compromised 84 versions across 42 TanStack npm packages by chaining a pull_request_target workflow pattern, GitHub Actions cache poisoning, and OIDC tokens extracted straight from runner memory.
The worm harvests credentials from over 100 file paths and CI environments, then uses the stolen tokens to spread itself to other packages owned by compromised maintainers — all while publishing with valid SLSA provenance, because attestations prove which pipeline built an artifact, not whether that pipeline was possessed.
The TanStack team’s postmortem is commendably transparent: external researchers detected the attack within about 20 minutes, all malicious versions (tracked in the original disclosure issue) were deprecated within 1.5 hours, and workflows have since been hardened with pinned action references and purged caches.
The HN discussion adds a delightful detail: the payload included a dead-man’s switch that destroys user data if the stolen tokens get revoked — incident response with a hostage situation built in.
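A workflow audit for the pattern and the hardening named in this section, as an added example (not code from TanStack or its postmortem): it flags pull_request_target workflows that check out pull-request head code or use the Actions cache, and action references not pinned to a full commit SHA. The sample workflow, the finding codes and the function name audit_workflow are assumptions made for illustration.

```python
import re

# Constructed sample workflow for illustration; not taken from any real repository.
SAMPLE_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps
      # constructed 40-hex value standing in for a real commit SHA
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - run: npm ci && npm test
"""

USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*([^\s#]+)", re.M)
FULL_SHA_RE = re.compile(r"@[0-9a-f]{40}$")
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref")


def audit_workflow(text):
    """Return sorted finding codes for the text of one workflow file."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", text)  # ignore whole-line comments
    refs = [m.strip("'\"") for m in USES_RE.findall(text)]
    findings = set()
    for ref in refs:
        if ref.startswith(("./", "docker://")):
            continue  # local actions and images are outside this check
        if not FULL_SHA_RE.search(ref):
            findings.add("unpinned-action:" + ref)  # a tag or branch can be repointed
    if re.search(r"\bpull_request_target\b", text):
        # This trigger runs with the base repository's secrets and cache scope.
        if PR_HEAD_RE.search(text):
            findings.add("prt-checks-out-pr-head")  # untrusted PR code in a trusted job
        if any(r.startswith(("actions/cache@", "actions/cache/")) for r in refs):
            findings.add("prt-uses-cache")  # cache entries may be written by that job
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Run it over each file under .github/workflows; the text-based matching is a triage pass, so a finding means the workflow needs a human read, not that it is exploitable.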
Megalodon: Mass Repo Backdooring via CI Workflows
The Megalodon campaign injected malicious GitHub Actions workflows into 5,561 repositories within six hours, disguised as routine CI maintenance commits — the kind nobody actually reviews. The backdoors exfiltrate CI secrets, cloud credentials, SSH keys, and OIDC tokens to a C2 server, and reached npm when the legitimate Tiledesk maintainer unknowingly published from a backdoored repository. Compromising the upstream repo instead of the package account neatly sidesteps everything the registry-side security controls were built to catch.
GitHub’s Turn: 3,800 Internal Repositories Accessed
GitHub disclosed unauthorized access to roughly 3,800 of its internal repositories after an employee device was compromised through a poisoned VS Code extension. That extension was Nx Console 18.95.0, itself compromised via the TanStack attack above — the malicious build (CVE-2026-48027) harvested credentials from npm, AWS, GitHub, and 1Password, and needed only 18 minutes on the VS Marketplace to reach thousands of users. GitHub reports no customer-data impact, rotated critical secrets, and now requires Enterprise Server customers to update GPG signing keys before installing future patches. The whole chain — npm worm to poisoned IDE extension to GitHub’s own internals — is the supply-chain-risk diagram every conference talk has been drawing for years, except this time it shipped.