InvisiRisk Blog Posts

Date Observed:  March–April 2026  Ecosystem:  npm, Node.js, CI/CD pipelines  Targets:  Axios npm package consumers: 100M+ weekly downloads across JavaScript and Node.js build environments  Attack Type:  Maintainer account compromise, malicious package publish, cross-platform RAT delivery  Key Takeaways A North Korea-linked threat actor hijacked an Axios npm maintainer account and published malicious versions containing a cross-platform Remote Access Trojan Any CI/CD pipeline

Date Observed : March 2026 Ecosystem : GitHub Actions, npm, PyPI Targets : Aqua Security Trivy, Checkmarx KICS, BerriAI LiteLLM Attack Type : Supply chain compromise, mutable tag hijacking, CI/CD credential theft, self-propagating worm, PyPI wheel backdoor Key Takeaways : TeamPCP targeted CI/CD pipelines, not just source code . The campaign abused trusted paths like GitHub Actions, npm, and PyPI. Once inside the pipeline, attackers could access secrets and credentials . Down

Date Observed : October 2025 – ongoing (March 2026) Ecosystem : VS Code/OpenVSX extensions, npm packages, GitHub repositories Attack Type : Stealthy supply-chain compromise → hidden payload execution → credential theft → lateral spread Key Takeaways: Invisible payloads : Malicious code is hidden in Unicode characters, making it invisible in editors and diffs. Decentralized C2 : Uses Solana blockchain with Google Calendar fallback for resilient command delivery. Wide propagati

Date of Discovery : February 20, 2026 Ecosystem : npm Type of Attack : Credential theft + AI tool compromise + worm propagation Scope : At least 19 typo-squatted npm packages Impact : Credential theft, GitHub Actions abuse, MCP injection, multi-channel exfiltration, and destructive fallback capability A coordinated supply chain attack targeted the npm ecosystem under the codename SANDWORM_MODE, disclosed by Socket Research Team on February 20, 2026. The campaign combines cred

Date Observed : Late February 2026 Ecosystem : GitHub Actions CI/CD Attack Type : Pull-request triggered workflow exploitation → Remote Code Execution (RCE) → Token theft Key Takeaways: Hackerbot-Claw exploited misconfigured GitHub Actions workflows using malicious pull-request (PR) input. The attack executed inside the CI/CD build environment, not in merged code. Once tokens were exposed, attackers could modify repositories and publish artifacts. A recent campaign attributed

by Tom Hamilton, CTO and Co-Founder, InvisiRisk, Inc. Key Takeaways: CI/CD pipeline attacks increasingly target build systems and pipeline configuration, not just source code. SCA, SAST, DAST, and IaC tools are still essential, but they do not stop build-time secret exfiltration, build-environment tampering, or runtime abuse inside the pipeline. A Build Application Firewall (BAF) enforces security policies inline during the build by understanding build communications protocol

Vulnerabilities are inevitable, but a successful breach doesn't have to be. We aren't just scanning known vulnerabilities; we are ensuring that even if an attacker finds a way into your build system, they cannot get your data out.

Between November 21-23, the Shai-Hulud worm returned in a more aggressive form, rapidly spreading through the NPM ecosystem and Maven, compromising tens of thousands of repositories. InvisiRisk Build Application Firewall (BAF) includes a robust set of default security policies that enforce expected build behavior. The "Unauthorized PUT" policy serves as a critical defense against attacks like Shai-Hulud.

The nx 's1ngularity' attack is a powerful reminder that supply chain security requires more than just scanning dependencies. InvisiRisk provides the proactive, real-time defense needed to secure the modern software development lifecycle.

InvisiRisk’s BAF enforces defensive rules in the build pipeline (trusted registries/SCM, blocked packages, secret-leak prevention, response checks, git protections), and the Build Security AI Agent feature provides behavioral detection for novel, suspected worm-style activities. The defensive rules and the agent work together to stop supply-chain worms and credential-theft campaigns from spreading through your builds.

Integrating InvisiRisk Build Application Firewall into your development workflow is a practical way to ensure that even if attackers try to slip malware into NPM or Git, your build process will catch it and shut it down before any damage is done.

This post breaks down how this attack works, it’s devastating potential, and demonstrates how InvisiRisk's Build Application Firewall (BAF) provides a crucial, proactive defense by preventing the use of vulnerable GIT versions before they can be exploited. 

The dynamic nature of CI/CD pipelines necessitates a solution that can identify and block threats as they happen. InvisiRisk BAF acts as a vigilant guardian for your build process, ensuring that even if a vulnerability is present, it cannot be successfully exploited. By shifting from a reactive to a proactive security model, you can confidently leverage the power of automation without compromising the integrity of your software supply chain.

InvisiRisk, Inc. is excited to announce the launch of its revolutionary Build Security AI Agent, designed to transform the security landscape of software supply chains. This innovative solution leverages advanced artificial intelligence to provide unparalleled protection for CI/CD pipelines, ensuring the integrity and security of software development processes.

InvisiRisk BAF is an advanced security platform that strengthens software build processes against supply chain threats. It offers real-time defense by applying default security policies that block known vulnerabilities, ensure the use of trusted sources, and restrict unauthorized activities during builds.

Typosquatting attacks are a silent but significant threat in the software supply chain. Relying solely on manual vigilance is no longer sufficient. Our Build Application Firewall (BAF) is designed with a robust set of default security policies to protect your applications from various vulnerabilities.

The ICO fine levied against , Advanced Computer Software Group Ltd, serves as a stark reminder of the importance of supply chain security.

InvisiRisk BAF’s layered, real-time security stops attacks like the Ultralytics/Action Compromise

InvisiRisk BAF’s layered, real-time security stops attacks like the Ultralytics/Action Compromise

InvisiRisk BAF is a security solution specifically designed to protect the software build process from various threats.