#ci-cd
11 analyses tagged ci-cd, sorted newest first.
- Pythagora gpt-pilot GitHub Compromise
An attacker hijacked a Pythagora co-founder's GitHub account, force-pushed a Shai-Hulud credential-stealer to gpt-pilot's main branch, and lost the payload twice to ruff lint failures before any public downstream execution was shown.
- Claude Code GitHub Action Secret Exposure
Microsoft reported that the Claude Code GitHub Action could expose workflow secrets through a Read-tool path that reached /proc/self/environ; Anthropic shipped v2.1.128 as the fixed release.
- Phantom Gyp npm Worm Abuses node-gyp Build Hooks
Snyk disclosed a June 2026 npm supply-chain wave that abuses native-addon build behavior through binding.gyp and node-gyp. The Phantom Gyp/Miasma activity affects packages including @vapi-ai, abandoned-package, and autotel packages and should be handled as install-time credential exposure.
- Red Hat Cloud Services npm Trusted-Publishing Compromise
Multiple @redhat-cloud-services npm packages were compromised on 2026-06-01 through trusted-publishing abuse tied to the Mini Shai-Hulud Miasma wave. The malicious releases added install-time payload execution, credential collection, destructive fallback behavior, and GitHub workflow tampering risk.
- Linux Copy Fail CVE-2026-31431: KEV Privilege Escalation on Shared Build Hosts
CISA added Linux kernel CVE-2026-31431 to KEV on 2026-05-01. Theori's Copy Fail research ties the bug to AF_ALG AEAD in-place operation and shows why shared CI runners, Kubernetes nodes, and multi-tenant Linux hosts need kernel patch proof or AF_ALG mitigation.
- Microsoft-tracked npm dependency-confusion developer-profiling campaign
Microsoft attributed a 33-package npm dependency-confusion campaign to shared postinstall tradecraft that profiled developer environments, ran in reconnaissance-only mode, and beaconed to a shared command-and-control endpoint.
- vpmdhaj npm OpenSearch Typosquats Steal Cloud and CI/CD Secrets
Microsoft reported 14 typosquatted npm packages under the vpmdhaj scope that impersonated OpenSearch, AWS SDK, STS, and Bun packages while collecting AWS, GitHub Actions, npm, Vault, Kubernetes, SSH, and local cloud configuration secrets.
- actions-cool GitHub Actions Tag Hijack Credential Theft
All 53 reviewed tags for actions-cool/issues-helper and all 15 tags for actions-cool/maintain-one-comment were moved to dangling imposter commits that scraped GitHub Actions runner memory and exfiltrated credentials. GitHub now blocks access to both repositories.
- Megalodon GitHub Actions Secret Exfiltration Campaign
Megalodon added malicious GitHub Actions workflows to thousands of public repositories to collect environment variables, cloud credentials, source-control secrets, and runner tokens.
- Bitwarden CLI npm 2026.4.0 Credential Stealer
Bitwarden confirmed that @bitwarden/cli@2026.4.0 was maliciously distributed through the npm CLI delivery path for a short April 22, 2026 window. CVE-2026-42994 tracks the incident; artifact analysis tied the package to bw_setup.js, bw1.js, Bun bootstrap, credential theft, and GitHub fallback channels.
- Aqua Security Trivy CI/CD Pipeline & Tag Poisoning
On March 19, 2026, the widely adopted container vulnerability scanner Trivy was compromised in a major supply chain attack. Cybercrime group TeamPCP poisoned version tags to harvest and exfiltrate runner credentials.