Shai-Hulud Worm Reloaded: A New Wave of NPM Supply Chain Attacks and How InvisiRisk Stops It
Shai-Hulud Worm Reloaded: A New Wave of NPM Supply Chain Attacks and How InvisiRisk Stops It Date of Attack: November 21-23, 2025. Impact: More than 800 NPM packages and 25,000 GitHub repositories were affected. The software supply chain has come under attack once again. Between November 21-23, the Shai-Hulud worm returned in a more aggressive […]
The ‘s1ngularity’ Attack: Weaponizing AI CLI Tools and How InvisiRisk Stops It
The nx “s1ngularity” Attack: Weaponizing AI CLI Tools and How InvisiRisk Stops It Date of Attack: August 26, 2025 Impact: Credentials were stolen from over 1,400 build systems affecting over 300 organizations The software supply chain is once again in the spotlight following the compromise of the popular nx build system on the NPM registry. […]
Shai-Hulud NPM Worm Attack: Overview and InvisiRisk Protection
Shai-Hulud NPM Worm Attack: Overview and InvisiRisk Protection A novel self-propagating malware strain dubbed the Shai-Hulud worm has recently infected hundreds of JavaScript (NPM) packages. Security researchers report that at least 187 NPM packages are known to have been compromised and the damage caused by this threat is suspected of impacting more than 500 packages […]
Git’s Silent Takeover: How a Simple Clone Command Can Compromise Your Entire System
Git’s Silent Takeover: How a Simple Clone Command Can Compromise Your Entire System (CVE-2025-48384) In the world of software development, Git is the undisputed foundation of version control, a tool so integral and trusted that its security is often taken for granted. However, a recently discovered high-severity vulnerability, CVE-2025-48384, shatters this perception. This flaw, which […]
GitHub’s ‘Pwn Request’ misconfiguration: How InvisiRisk BAF Shields Your CI/CD from Hidden Threats
GitHub’s “Pwn Request” Misconfiguration: How InvisiRisk BAF Shields Your CI/CD from Hidden Threats The automation prowess of GitHub Actions, a cornerstone of modern CI/CD pipelines, harbors a subtle yet critical loophole. The pull_request_target trigger, if misconfigured, can be exploited in what’s known as a “pwn request” attack, granting malicious actors access to your repository’s secrets […]
InvisiRisk Unveils Groundbreaking Build Security AI Agent
InvisiRisk Launches Revolutionary Build Security AI Agent for Software Supply Chain Protection InvisiRisk, Inc. is excited to announce the launch of its revolutionary Build Security AI Agent, designed to transform the security landscape of software supply chains. This innovative solution leverages advanced artificial intelligence to provide unparalleled protection for CI/CD pipelines, ensuring the integrity and […]
CI/CD Secrets Leaks: Why Your Build Pipeline Is Still Exposed
Why Your Secrets Faucet Is Still Leaking: The Runtime Blind Spot in CI/CD Security We all know the nightmare scenario: sensitive credentials – API keys, database passwords, private certificates – leaked into the wild. Diligent teams implement a comprehensive strategy: secure storage with secret managers (like Vault or AWS Secrets Manager), static code scanning on […]
Don’t Let a Typo Sink Your Ship: How InvisiRisk BAF Fights The Silent Threat of Typosquatting
Don’t Let a Typo Sink Your Ship: Typosquatting Attacks and How InvisiRisk BAF Stops Them In today’s fast-paced software development world, efficiency is king. Developers often rely on vast ecosystems of open-source packages to build and enhance their applications. But within this convenience lies a hidden danger: typosquatting. This insidious attack method, where malicious actors […]
CVE-2025-29927: Middleware Authorization Bypass in Next.js and How InvisiRisk BAF Prevents it
Next.js Middleware Vulnerability (CVE-2025-29927): How InvisiRisk BAF Provides Real-Time Protection Introduction In the ever-evolving landscape of web development, security remains a paramount concern. A recent discovery of a critical vulnerability in Next.js, identified as CVE-2025-29927, underscores the necessity for robust security measures within build processes. This blog post delves into the specifics of this vulnerability […]
How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Like the Ultralytics/Action Compromise
How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Like the Ultralytics Attack Introduction The rise of automation in software development has made CI/CD pipelines indispensable, with GitHub Actions standing out as a cornerstone for streamlining workflows. However, this reliance on automation introduces significant security risks, as demonstrated by the December 2024 supply chain […]