A new supply chain worm is siphoning enterprise API keys and secrets.
A cluster of at least 19 malicious npm packages has been identified in an active credential harvesting campaign. This “Shai-Hulud” worm automatically propagates by abusing stolen GitHub identities.
The malicious code targets developer environments to steal environment secrets, access tokens, and cloud API keys. Once a developer is compromised, the worm uses their credentials to publish trojanized versions of legitimate packages to extend its reach.
The uncomfortable truth: Your internal software supply chain is only as secure as the personal GitHub account of your most distracted developer.
• Run a scan of all internal node_modules for known malicious package fingerprints.
• Enforce hardware-based MFA for all npm and GitHub account access.
• Implement secrets scanning to prevent API keys from being stored in environment variables.
Do you have visibility into which third-party packages are currently running in your dev environments?
#Cybersecurity #AppSec #SupplyChain #SoftwareSecurity #SOC #CodeDefence
