stepsecurity.io
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-21.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-21 | 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough (Supply Chain) | In a rapid 48-hour period, five supply chain attacks occurred, highlighting the critical need for multi-layered security. These incidents demonstrate that securing just one aspect of the supply chain is insufficient to prevent breaches. The rapid succession of attacks underscores the persistent and evolving threat to software development and delivery pipelines. Organizations must adopt a comprehensive security strategy that addresses vulnerabilities across all stages of the supply chain to effectively mitigate these risks. |
| 2026-05-14 | Active Supply Chain Attack: Malicious node-ipc Versions Published to npm (Supply Chain) | Tool detailing the node-ipc supply chain attack where malicious versions 9.1.6, 9.2.3, and 12.0.1 were published to npm. The attack, executed by a rogue maintainer, injected an obfuscated payload into the CommonJS bundle designed to steal over 90 categories of credentials and exfiltrate them to an attacker-controlled server. Version 12.0.1 includes a specific targeting gate based on the module's file path hash. |
| 2026-04-22 | litellm: Credential Stealer Hidden in PyPI Wheel (Supply Chain) | Library detailing a supply chain compromise within the litellm Python package. Versions 1.82.7 and 1.82.8 were found to contain a malicious payload that harvests credentials, encrypts them using AES-256 and RSA-4096, and exfiltrates them to an attacker-controlled domain. The compromise leveraged two distinct injection techniques: a `.pth` file in version 1.82.8, and an embedded base64 blob in `proxy_server.py` for version 1.82.7. This attack potentially gained initial access through a pivot from a compromise of the Trivy tool used in litellm's CI/CD pipeline. |
| 2026-04-11 | Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages (Supply Chain) | Library for detecting and analyzing the Shai-Hulud worm, which compromised over 500 NPM packages including @ctrl/tinycolor. This attack featured self-propagation via `NpmModule.updatePackage`, credential harvesting using TruffleHog and cloud SDKs for AWS, GCP, and Azure, and persistence mechanisms involving GitHub Actions workflows. The malware specifically targeted Linux and macOS environments, exfiltrating secrets like GitHub tokens and AWS access keys. |
| 2026-04-07 | Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack (Supply Chain) | Analysis of the largest npm supply chain attack detailing StepSecurity's real-time detection of a compromised axios package. The incident involved a state-sponsored actor hijacking the popular HTTP client, inserting a malicious dependency, and actively deleting GitHub issues to conceal the compromise. StepSecurity utilized its AI Package Analyst and Harden-Runner to identify suspicious indicators and anomalous network activity, enabling rapid notification and remediation efforts for customers. |