Build & CI/CD Security Alerts

Build & CI/CD Security Alerts is where DevOps, DevSecOps, AppSec teams, and security leaders can track the vulnerabilities, attacks, and disclosures that matter most to build systems and CI/CD pipelines. Instead of rehashing general cybersecurity news, we focus on what each alert means inside for the build environment: how it could affect dependency retrieval, secrets exposure, unauthorized outbound connections, artifact integrity, and software supply chain risk at the last mile.

This page is designed for teams that want timely, practical analysis of build-time threats and clearer guidance on how to strengthen their defenses and reduce risk.

Security Alerts

In the News

Red Hat npm Supply Chain Attack: Miasma Hits @redhat-cloud-services

Date Observed: June 1, 2026Ecosystem: npm @redhat-cloud-services Targets: CI/CD pipelines and developer workstations consuming @redhat-cloud-services packages Attack Type: CI/CD pipeline compromise; preinstall

June 3, 2026

hacker sitting with a laptop an tablet

Microsoft’s Durabletask PyPI Attack: Mini Shai-Hulud Saga Continues.

Date Observed: May 19, 2026Ecosystem: PyPI (Python)Targets: CI/CD runners, cloud workloads, Kubernetes clusters, developer environments consuming durabletaskAttack Type: Supply chain

May 23, 2026

hacker with code falling on the screen

Mini Shai-Hulud Hits @antV: Here We Go Again

Date Observed: May 19, 2026Ecosystem: npm (Node.js)Targets: @antV data visualization packages, echarts-for-react, timeago.js, size-sensor, canvas-nest.js, CI/CD pipelines, developer workstations.Attack Type:

May 21, 2026

hacker on a laptop and cell phone

TanStack npm Supply Chain Attack: Mini Shai-Hulud Returns

Date Observed: May 11, 2026Ecosystem: npm, PyPITargets: Developers using @tanstack/react-router and related packages; UiPath, Mistral AI, OpenSearch, and Guardrails AI

May 18, 2026

hacker with code as a face

BufferZoneCorp Supply Chain Attack Hits Ruby and Go

Date Observed: Late April 2026Ecosystem: RubyGems and Go ModulesTargets: Developers, CI runners, and GitHub Actions pipelinesAttack Type: Malicious package campaign,

May 13, 2026

hacker on a computer with red light background

Mini Shai-Hulud: Cross-Ecosystem Supply Chain Attack Hits npm, PyPI, and Packagist

Date Observed: April 29–30, 2026Ecosystem: npm, PyPI, Packagist (PHP)Targets: SAP enterprise developers, AI/ML engineers, DevOps and DevSecOps teams using Intercom

May 7, 2026

Bitwarden CLI npm Compromise: Bun-Staged Credential Stealer

Date Observed: April 23, 2026 Ecosystem: npm (Node.js) Targets: Developer workstations, GitHub Actions CI/CD pipelines, cloud environments, AI coding tool

April 29, 2026

xinference PyPI Compromise: TeamPCP-Style Credential Stealer

Date Observed: April 22, 2026 Ecosystem: PyPI (Python) Targets: AI/MLOps teams, CI/CD pipelines, cloud-connected LLM inference environments Attack Type: Supply

April 28, 2026

Axios npm Supply Chain Attack: Hijacked Maintainer Account Delivers RAT

Axios npm Compromise: North Korea-Linked Threat Actor Poisons Popular HTTP Client Date Observed: March–April 2026 Ecosystem: npm, Node.js, CI/CD pipelines

April 9, 2026

TeamPCP: How a Supply Chain Attack Hit Build Systems and CI/CD Pipelines

TeamPCP Supply Chain Campaign: CI/CD Pipeline Attacks Targeting Trivy, KICS, and LiteLLM Date Observed: March 2026 Ecosystem: GitHub Actions, npm,

April 7, 2026