
InvisiRisk Blog Posts


SANDWORM_MODE: How a Shai-Hulud-Style npm Worm Targets CI/CD Pipelines
Date of Discovery: February 20, 2026
Ecosystem: npm
Type of Attack: Credential theft + AI tool compromise + worm propagation
Scope: At least 19 typo-squatted npm packages
Impact: Credential theft, GitHub Actions abuse, MCP injection, multi-channel exfiltration, and destructive fallback capability
A coordinated supply chain attack targeted the npm ecosystem under the codename SANDWORM_MODE, disclosed by Socket Research Team on February 20, 2026. The campaign combines cred
Pranesh Shrestha
2 days ago · 4 min read


Hackerbot-Claw: AI-Driven Pull Request Exploits in GitHub Actions CI/CD
Date Observed: Late February 2026
Ecosystem: GitHub Actions CI/CD
Attack Type: Pull-request triggered workflow exploitation → Remote Code Execution (RCE) → Token theft
Key Takeaways: Hackerbot-Claw exploited misconfigured GitHub Actions workflows using malicious pull-request (PR) input. The attack executed inside the CI/CD build environment, not in merged code. Once tokens were exposed, attackers could modify repositories and publish artifacts.
A recent campaign attributed
Pranesh Shrestha
2 days ago · 4 min read


Why Traditional DevOps Security Tools Miss CI/CD Pipeline Attacks
by Tom Hamilton, CTO and Co-Founder, InvisiRisk, Inc.
Key Takeaways: CI/CD pipeline attacks increasingly target build systems and pipeline configuration, not just source code. SCA, SAST, DAST, and IaC tools are still essential, but they do not stop build-time secret exfiltration, build-environment tampering, or runtime abuse inside the pipeline. A Build Application Firewall (BAF) enforces security policies inline during the build by understanding build communications protocol
Tom Hamilton
2 days ago · 4 min read


Why the AWS CodeBreach Vulnerability Is a Reminder We Can’t Ignore
Vulnerabilities are inevitable, but a successful breach doesn't have to be. We aren't just scanning known vulnerabilities; we are ensuring that even if an attacker finds a way into your build system, they cannot get your data out.
Eric Pulaski
Jan 19 · 3 min read


Shai-Hulud Worm Reloaded: A New Wave of NPM Supply Chain Attacks and How InvisiRisk Stops It
Between November 21-23, the Shai-Hulud worm returned in a more aggressive form, rapidly spreading through the NPM ecosystem and Maven, compromising tens of thousands of repositories. InvisiRisk Build Application Firewall (BAF) includes a robust set of default security policies that enforce expected build behavior. The "Unauthorized PUT" policy serves as a critical defense against attacks like Shai-Hulud.
Pranesh Shrestha
Dec 2, 2025 · 4 min read


The 's1ngularity' Attack: Weaponizing AI CLI Tools and How InvisiRisk Stops It
The nx 's1ngularity' attack is a powerful reminder that supply chain security requires more than just scanning dependencies. InvisiRisk provides the proactive, real-time defense needed to secure the modern software development lifecycle.
Pranesh Shrestha
Oct 21, 2025 · 6 min read


Shai-Hulud NPM Worm Attack: Overview and InvisiRisk Protection
InvisiRisk’s BAF enforces defensive rules in the build pipeline (trusted registries/SCM, blocked packages, secret-leak prevention, response checks, git protections), and the Build Security AI Agent feature provides behavioral detection for novel, suspected worm-style activities. The defensive rules and the agent work together to stop supply-chain worms and credential-theft campaigns from spreading through your builds.
Pranesh Shrestha
Sep 25, 2025 · 5 min read


The Great NPM Heist – What Happened and How InvisiRisk Protects You
Integrating InvisiRisk Build Application Firewall into your development workflow is a practical way to ensure that even if attackers try to slip malware into NPM or Git, your build process will catch it and shut it down before any damage is done.
Pranesh Shrestha
Sep 19, 2025 · 6 min read


Git's Silent Takeover: How a Simple Clone Command Can Compromise Your Entire System
This post breaks down how this attack works and its devastating potential, and demonstrates how InvisiRisk's Build Application Firewall (BAF) provides a crucial, proactive defense by preventing the use of vulnerable Git versions before they can be exploited.
Pranesh Shrestha
Sep 9, 2025 · 4 min read