InvisiRisk Blog Posts


Bitwarden CLI npm Compromise: Bun-Staged Credential Stealer
Date Observed: April 23, 2026 Ecosystem: npm (Node.js) Targets: Developer workstations, GitHub Actions CI/CD pipelines, cloud environments, AI coding tool configurations Attack Type: Supply chain compromise: account hijack, OIDC Trusted Publishing abuse, malicious preinstall hook Impact: SSH keys, GitHub/npm tokens, AWS/GCP/Azure credentials, AI tool configs, and Actions secrets exfiltrated; GitHub tokens weaponized to inject malicious workflows into downstream repositories K
Pranesh Shrestha
4 days ago, 5 min read


xinference PyPI Compromise: TeamPCP-Style Credential Stealer
Date Observed: April 22, 2026 Ecosystem: PyPI (Python) Targets: AI/MLOps teams, CI/CD pipelines, cloud-connected LLM inference environments Attack Type: Supply chain compromise Impact: SSH keys, AWS/GCP/Azure/Kubernetes credentials, .env secrets, and CI/CD tokens exfiltrated to attacker-controlled infrastructure Key Takeaways Versions 2.6.0, 2.6.1, and 2.6.2 of xinference on PyPI were compromised; all three have been yanked. The payload executes on import xinference, with no
Pranesh Shrestha
5 days ago, 4 min read


InvisiRisk Expands Build Application Firewall with Encoded Secret Detection and Hardened CI/CD Integration
Latest release (v1.1.38) delivers real-time encoded secret interception, deep dependency intelligence, and expanded GitHub Actions support Houston, TX, April 21, 2026 - InvisiRisk, which released the industry’s first Build Application Firewall (BAF) in 2025, today announced a major platform update that strengthens real-time protection of CI/CD pipelines against encoded credential exfiltration, supply-chain compromise, and dependency manipulation techniques driving today’s mos
Pranesh Shrestha
6 days ago, 3 min read


Axios npm Supply Chain Attack: Hijacked Maintainer Account Delivers RAT
Date Observed: March–April 2026 Ecosystem: npm, Node.js, CI/CD pipelines Targets: Axios npm package consumers: 100M+ weekly downloads across JavaScript and Node.js build environments Attack Type: Maintainer account compromise, malicious package publish, cross-platform RAT delivery Key Takeaways A North Korea-linked threat actor hijacked an Axios npm maintainer account and published malicious versions containing a cross-platform Remote Access Trojan Any CI/CD pipeline
Pranesh Shrestha
Apr 9, 5 min read


TeamPCP: How a Supply Chain Attack Hit Build Systems and CI/CD Pipelines
Date Observed: March 2026 Ecosystem: GitHub Actions, npm, PyPI Targets: Aqua Security Trivy, Checkmarx KICS, BerriAI LiteLLM Attack Type: Supply chain compromise, mutable tag hijacking, CI/CD credential theft, self-propagating worm, PyPI wheel backdoor Key Takeaways: TeamPCP targeted CI/CD pipelines, not just source code. The campaign abused trusted paths like GitHub Actions, npm, and PyPI. Once inside the pipeline, attackers could access secrets and credentials. Down
Pranesh Shrestha
Apr 7, 5 min read


GlassWorm: Invisible-Code Supply Chain Worm Attack
Date Observed: October 2025 – ongoing (March 2026) Ecosystem: VS Code/OpenVSX extensions, npm packages, GitHub repositories Attack Type: Stealthy supply-chain compromise → hidden payload execution → credential theft → lateral spread Key Takeaways: Invisible payloads: Malicious code is hidden in Unicode characters, making it invisible in editors and diffs. Decentralized C2: Uses Solana blockchain with Google Calendar fallback for resilient command delivery. Wide propagati
Pranesh Shrestha
Mar 30, 4 min read


SANDWORM_MODE: How a Shai-Hulud-Style npm Worm Targets CI/CD Pipelines
Date of Discovery: February 20, 2026 Ecosystem: npm Type of Attack: Credential theft + AI tool compromise + worm propagation Scope: At least 19 typo-squatted npm packages Impact: Credential theft, GitHub Actions abuse, MCP injection, multi-channel exfiltration, and destructive fallback capability A coordinated supply chain attack targeted the npm ecosystem under the codename SANDWORM_MODE, disclosed by Socket Research Team on February 20, 2026. The campaign combines cred
Pranesh Shrestha
Mar 17, 4 min read


Hackerbot-Claw: AI-Driven Pull Request Exploits in GitHub Actions CI/CD
Date Observed: Late February 2026 Ecosystem: GitHub Actions CI/CD Attack Type: Pull-request triggered workflow exploitation → Remote Code Execution (RCE) → Token theft Key Takeaways: Hackerbot-Claw exploited misconfigured GitHub Actions workflows using malicious pull-request (PR) input. The attack executed inside the CI/CD build environment, not in merged code. Once tokens were exposed, attackers could modify repositories and publish artifacts. A recent campaign attributed
Pranesh Shrestha
Mar 17, 4 min read


Why Traditional DevOps Security Tools Miss CI/CD Pipeline Attacks
by Tom Hamilton, CTO and Co-Founder, InvisiRisk, Inc. Key Takeaways: CI/CD pipeline attacks increasingly target build systems and pipeline configuration, not just source code. SCA, SAST, DAST, and IaC tools are still essential, but they do not stop build-time secret exfiltration, build-environment tampering, or runtime abuse inside the pipeline. A Build Application Firewall (BAF) enforces security policies inline during the build by understanding build communications protoco
Tom Hamilton
Mar 17, 4 min read