StepSecurity
@step_security
Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
加入 November 2021
23 正在關注 500 粉絲
🚨 A Mini Shai-Hulud has appeared.
Your npm install just handed your credentials to an attacker.
We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak.
Full breakdown:
顯示更多
