The article describes how software supply chain attacks now rely on trusted upstream compromise, CI/CD abuse, secret harvesting, and downstream propagation across packages, actions, and developer tools. It highlights incidents such as Axios, Shai-Hulud 2.0, tj-actions/reviewdog, and TeamPCP, and explains that defenders must treat maintainer identity, dependency governance, and workflow security as core controls. #Axios #ShaiHulud #tjactions #reviewdog #TeamPCP #Trivy #LiteLLM #KICS
Keypoints
- Modern supply chain attacks target trust relationships in software delivery instead of only attacking production systems directly.
- Recent campaigns exploited maintainer accounts, release workflows, CI/CD runners, and mutable tags to distribute malicious code.
- Axios was compromised through social engineering, leading to malicious package publishing outside the normal CI workflow.
- Shai-Hulud 2.0 abused preinstall execution, bootstrapped tooling, and harvested secrets with TruffleHog before exfiltrating through attacker-controlled repositories.
- tj-actions/reviewdog showed how upstream action compromise can steal CI secrets and spread malicious code into downstream repositories.
- TeamPCP demonstrated cascading trust-chain compromise, with stolen credentials enabling lateral movement into adjacent ecosystems such as LiteLLM and KICS.
- The article recommends treating dependency resolution, maintainer identity, CI workflow design, and extension governance as primary security controls.
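Two of the controls the article recommends, pinning third-party actions to immutable commits and keeping an eye on package lifecycle hooks, can be checked mechanically. The script below is an added example, not code from the article or from GuardSix: it flags `uses:` references in a GitHub Actions workflow that point at a tag or branch instead of a 40-character commit SHA, and lists the npm lifecycle scripts (preinstall, install, postinstall, prepare) declared in a package.json. The workflow text, the `example-org/*` action names and the package.json are constructed sample input.

```python
"""Defender-side checks for two supply-chain weak points the article names:
mutable action refs in CI workflows and install-time script hooks in npm packages.
Added example; all sample inputs below are constructed, not taken from any real repo."""
import json
import re
from dataclasses import dataclass

# Constructed sample workflow. "example-org/..." actions are hypothetical names.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/lint-action@main
      - uses: example-org/release-tool@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - run: npm ci
"""

# Constructed sample package.json with a preinstall hook of the kind the article describes.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "version": "1.0.0",
    "scripts": {
        "preinstall": "node setup.js",
        "build": "tsc",
        "test": "jest",
    },
})

# A full 40-hex-digit commit SHA is the only ref GitHub treats as immutable.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" whether or not the line starts a list item.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


@dataclass
class Finding:
    action: str
    ref: str
    reason: str


def find_unpinned_actions(workflow_text: str) -> list[Finding]:
    """Return one Finding per third-party action not pinned to a commit SHA."""
    findings = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1).strip("'\"")
        # Local composite actions and docker images are out of scope for this check.
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        if "@" not in spec:
            findings.append(Finding(spec, "", "no ref given; resolves to the default branch"))
            continue
        action, ref = spec.rsplit("@", 1)
        if not SHA_RE.match(ref):
            findings.append(Finding(action, ref, "mutable ref (tag or branch), not a commit SHA"))
    return findings


def find_install_hooks(package_json_text: str) -> dict[str, str]:
    """Return the lifecycle scripts that npm would run at install time."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in LIFECYCLE_HOOKS}


if __name__ == "__main__":
    for f in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"UNPINNED {f.action}@{f.ref or '<none>'}: {f.reason}")
    for name, cmd in find_install_hooks(SAMPLE_PACKAGE_JSON).items():
        print(f"INSTALL HOOK {name}: {cmd}")
```

Run against a real repository, the first check feeds a policy such as "every third-party action is SHA-pinned and updated by a bot that diffs the upstream commit", and the second tells you which dependencies would execute code under `npm ci` unless the job runs with `--ignore-scripts`.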
MITRE Techniques
- [T1195] Supply Chain Compromise – Malicious code was inserted into trusted packages, actions, and artifacts, such as compromised npm packages and GitHub Actions ("malicious package versions" and "trusted packages, actions, or artifacts").
- [T1552] Unsecured Credentials – Attackers stole CI secrets, bot tokens, registry credentials, and developer-side secrets ("harvested secrets" and "secret theft from CI runners").
- [T1059] Command and Scripting Interpreter – Code executed through install hooks, preinstall logic, shell commands, and workflow task logic ("executed during preinstall" and "setup scripts").
- [T1027] Obfuscated/Compressed Files and Information – Payloads were disguised or staged to resist review, including evolving dependencies and bootstrapped runtime behavior ("evolved from benign to malicious").
- [T1071] Application Layer Protocol – Exfiltration and command traffic used standard web protocols ("Exfiltration was staged" and "over standard web traffic").
- [T1078] Valid Accounts – Compromised maintainer, bot, registry, and CI identities were abused after takeover ("compromised maintainer accounts" and "authenticated sessions").
Indicators of Compromise
- [CVE] vulnerability reference – CVE-2025-30066, and other referenced campaign IDs tied to the incidents.
- [Package / repository names] compromised or targeted software components – Axios, plain-crypto-js, TruffleHog, and other packages/actions such as reviewdog and tj-actions.
- [Organizations / ecosystems] affected supply-chain ecosystems – npm, GitHub Actions, PyPI, VS Code extension marketplace, and other adjacent tooling ecosystems.
- [Attack artifacts / tools] malicious or abused tooling – Bun, GitHub runner components, and attacker-controlled repositories used for exfiltration.
Read more: https://guardsix.com/blog/supply-chain-attacks-abusing-good-nature-for-profit