RC RANDOM CHAOS

ci cd security

7 posts

Megalodon hijacked 55,000 GitHub repos via token replay
Article

Megalodon compromised 55,000+ GitHub repositories through PAT harvesting, pull_request_target abuse, and OAuth scope inheritance. Technical breakdown.

Your valid credentials are the breach.
Article

Technical analysis of a coordinated GitHub Actions workflow compromise across 5,561 repositories, with detection guidance for audit log and EDR telemetry.

Malicious commits breached 5,561 repositories
Article

5,561 GitHub repos received malicious CI/CD commits disguised as bot maintenance. The failure was identity enforcement, not exploit complexity.

npm was never a trust boundary
Article

Technical analysis of the Shai-Hulud npm supply chain attack hitting 314 packages including echarts-for-react, size-sensor, and timeago.js.

Shai-Hulud worm compromises 314 npm packages
Article

Shai-Hulud npm worm hits 314 more packages via compromised maintainer accounts. Mechanism, telemetry gaps, and residual exposure analyzed.

ShinyHunters exfiltrated Cisco source through Trivy
Article

ShinyHunters exfiltrated Cisco source code through Trivy. The scanner inherited the runtime's identity. The runtime held everything.

Vercel hands attackers your build pipeline
Article

Technical IR playbook for a Vercel CI/CD compromise: attack chain, MITRE ATT&CK mapping, telemetry gaps, containment sequence, and residual exposure.