InvisiRisk Blog Posts

Date Observed:  March–April 2026  Ecosystem:  npm, Node.js, CI/CD pipelines  Targets:  Axios npm package consumers: 100M+ weekly downloads across JavaScript and Node.js build environments  Attack Type:  Maintainer account compromise, malicious package publish, cross-platform RAT delivery  Key Takeaways A North Korea-linked threat actor hijacked an Axios npm maintainer account and published malicious versions containing a cross-platform Remote Access Trojan Any CI/CD pipeline

Date Observed : March 2026 Ecosystem : GitHub Actions, npm, PyPI Targets : Aqua Security Trivy, Checkmarx KICS, BerriAI LiteLLM Attack Type : Supply chain compromise, mutable tag hijacking, CI/CD credential theft, self-propagating worm, PyPI wheel backdoor Key Takeaways : TeamPCP targeted CI/CD pipelines, not just source code . The campaign abused trusted paths like GitHub Actions, npm, and PyPI. Once inside the pipeline, attackers could access secrets and credentials . Down

Date Observed : October 2025 – ongoing (March 2026) Ecosystem : VS Code/OpenVSX extensions, npm packages, GitHub repositories Attack Type : Stealthy supply-chain compromise → hidden payload execution → credential theft → lateral spread Key Takeaways: Invisible payloads : Malicious code is hidden in Unicode characters, making it invisible in editors and diffs. Decentralized C2 : Uses Solana blockchain with Google Calendar fallback for resilient command delivery. Wide propagati

Date of Discovery : February 20, 2026 Ecosystem : npm Type of Attack : Credential theft + AI tool compromise + worm propagation Scope : At least 19 typo-squatted npm packages Impact : Credential theft, GitHub Actions abuse, MCP injection, multi-channel exfiltration, and destructive fallback capability A coordinated supply chain attack targeted the npm ecosystem under the codename SANDWORM_MODE, disclosed by Socket Research Team on February 20, 2026. The campaign combines cred

Date Observed : Late February 2026 Ecosystem : GitHub Actions CI/CD Attack Type : Pull-request triggered workflow exploitation → Remote Code Execution (RCE) → Token theft Key Takeaways: Hackerbot-Claw exploited misconfigured GitHub Actions workflows using malicious pull-request (PR) input. The attack executed inside the CI/CD build environment, not in merged code. Once tokens were exposed, attackers could modify repositories and publish artifacts. A recent campaign attributed

Between November 21-23, the Shai-Hulud worm returned in a more aggressive form, rapidly spreading through the NPM ecosystem and Maven, compromising tens of thousands of repositories. InvisiRisk Build Application Firewall (BAF) includes a robust set of default security policies that enforce expected build behavior. The "Unauthorized PUT" policy serves as a critical defense against attacks like Shai-Hulud.

The nx 's1ngularity' attack is a powerful reminder that supply chain security requires more than just scanning dependencies. InvisiRisk provides the proactive, real-time defense needed to secure the modern software development lifecycle.

InvisiRisk’s BAF enforces defensive rules in the build pipeline (trusted registries/SCM, blocked packages, secret-leak prevention, response checks, git protections), and the Build Security AI Agent feature provides behavioral detection for novel, suspected worm-style activities. The defensive rules and the agent work together to stop supply-chain worms and credential-theft campaigns from spreading through your builds.

Integrating InvisiRisk Build Application Firewall into your development workflow is a practical way to ensure that even if attackers try to slip malware into NPM or Git, your build process will catch it and shut it down before any damage is done.

This post breaks down how this attack works, it’s devastating potential, and demonstrates how InvisiRisk's Build Application Firewall (BAF) provides a crucial, proactive defense by preventing the use of vulnerable GIT versions before they can be exploited. 

The dynamic nature of CI/CD pipelines necessitates a solution that can identify and block threats as they happen. InvisiRisk BAF acts as a vigilant guardian for your build process, ensuring that even if a vulnerability is present, it cannot be successfully exploited. By shifting from a reactive to a proactive security model, you can confidently leverage the power of automation without compromising the integrity of your software supply chain.

InvisiRisk BAF’s layered, real-time security stops attacks like the Ultralytics/Action Compromise

InvisiRisk BAF’s layered, real-time security stops attacks like the Ultralytics/Action Compromise

InvisiRisk BAF is a security solution specifically designed to protect the software build process from various threats.