A poisoned VS Code extension went live for only 18 minutes. In that brief window, attackers managed to harvest credentials and copy 3,800 internal GitHub repositories. This GitHub incident underscores how developer environments and local tooling have emerged as one of the key frontlines in #SoftwareSupplyChainSecurity. Our security team provides a thorough breakdown of what occurred and the takeaways security teams should apply: https://gag.gl/pQZVPi #AppSec #DeveloperSecurity #ExposureManagement #GitHubbreach
Shri Chickerur’s Post
More Relevant Posts
-
A poisoned VS Code extension went live for only 18 minutes. That brief window was enough for attackers to steal credentials and copy 3,800 internal GitHub repositories. This GitHub incident highlights how developer environments and local tooling have become a primary frontline in #SoftwareSupplyChainSecurity. Our security team provides a thorough breakdown of the incident and key takeaways for security teams: https://gag.gl/pQZVPi #AppSec #DeveloperSecurity #ExposureManagement #GitHubbreach
-
🚨 PSA for security teams using #Checkmarx: TeamPCP has compromised Checkmarx's Jenkins AST Plugin published on the Jenkins Marketplace. They also gained access to their GitHub repo and defaced it. This follows an earlier incident in March following the #Trivy supply chain attack, as a result of which two of its GitHub Actions workflows and two plugins distributed via the Open VSX marketplace were tampered with to push a credential stealer capable of harvesting a wide range of developer secrets. A second #Checkmarx incident happening this soon suggests initial remediation efforts were ineffective, and the group is actively watching for re-entry points, and capitalizing on any gaps. Stay safe out there... #softwaresupplychainsecurity #sscs #teamPCP
-
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,
-
Last week I leaked an API key to GitHub—despite having written security rules in a CLAUDE.md file to prevent it. Running Claude Code in a git worktree, the CLAUDE.md at the repo root was most likely never referenced. The tool committed and pushed automatically, and the rule was silently ignored. A rule that depends on being read has no guarantee of loading once the environment changes. "The rule exists" is not "the rule works." A safeguard is real only when backed by a mechanism that can't be bypassed:

1. A pre-commit hook that scans for secret patterns and aborts the commit—it runs at the local Git level, the same in any environment.
2. Secret separation: inject API keys at runtime from a manager like 1Password CLI. If the secret isn't in the repo, it can't leak.
3. GitHub Push Protection: the server blocks secrets even if local checks fail.

A safeguard that hasn't been verified isn't a safeguard. It's a hope. Are yours verified to work—or just "should be set up"? #ClaudeCode #DevSecOps #SecretsManagement
-
Should secret scanning happen before the commit, inside the agent loop? GitHub made secret scanning in the GitHub MCP Server generally available this week, and this feels like the correct direction. Not because scanning is new. It is not. The useful part is where it sits. If an MCP-enabled coding agent or IDE can check for exposed secrets before a PR exists, then security moves closer to the actual mistake. That matters. I have spent enough time around auth flows, public endpoints, Supabase policies, and API keys to know that most security issues are not dramatic. They are boring gaps that survive because nobody saw them at the right time. The best security tool is the one that interrupts the smallest possible mistake. I wonder how many teams will start treating MCP tools as part of their default dev environment, the same way linters and formatters became normal. #Security #MCP #DeveloperTools
-
"In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server." For those who still need to use this GitHub Action: pin GitHub Actions to a full commit SHA (a known safe commit) rather than mutable tags. https://lnkd.in/gxS3cFtC
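One way to check a repository for the mutable references the post above warns about, added here as an example and not part of the original post: it lists every `uses:` entry under `.github/workflows` whose ref is not a full 40-character commit SHA. The function names are assumptions, and local (`./`) and container (`docker://`) references are skipped.

```python
"""List GitHub Actions references that are not pinned to a full commit SHA."""
import re
import sys
from pathlib import Path

# Matches "uses: owner/repo@ref" and "- uses: ...", with optional quotes.
USES = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA = re.compile(r"[0-9a-f]{40}")

def unpinned_actions(workflow_text):
    """Return (line_no, reference) for each `uses:` without a 40-hex commit ref."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        _, _, version = ref.partition("@")
        if not FULL_SHA.fullmatch(version):
            findings.append((line_no, ref))  # tag, branch, short SHA or no ref
    return findings

def main(root="."):
    wf_dir = Path(root, ".github", "workflows")
    bad = 0
    for wf in sorted(list(wf_dir.glob("*.yml")) + list(wf_dir.glob("*.yaml"))):
        text = wf.read_text(encoding="utf-8", errors="replace")
        for line_no, ref in unpinned_actions(text):
            print(f"{wf}:{line_no}: {ref} is not pinned to a full commit SHA")
            bad += 1
    return 1 if bad else 0  # non-zero exit lets CI fail on unpinned actions

if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```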
-
Rotating your token during the TanStack npm compromise was literally wiping your laptop. Read that again.

84 malicious versions of TanStack packages hit npm. @tanstack/react-router alone: 12 million weekly downloads. The payload polls GitHub every 60 seconds with the stolen token. The moment GitHub returns a 401, it runs rm -rf ~/ on the machine.

Verbatim, the npm token description the attacker left: IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner

The action that's supposed to contain the damage IS the damage. A few things that should change in how we think:

Isolate the affected machine before you rotate.

Provenance is necessary but not sufficient. These packages had valid SLSA Build Level 3 attestations. The signatures were real. The pipeline was real. The code running inside the pipeline was not.

Optional dependencies are a soft underbelly. The payload was smuggled in as an optionalDependencies entry pointing at an orphan commit. Optional means it can fail silently. That's a feature, for the attacker.

The real headline: these attacks now assume you'll respond and build around that. Defense has to factor in what attackers do during your IR, not just before it.

String surfaced in Semgrep's advisory.
-
“write secure code” is a worthless prompt. the model learned security from public github, where the insecure pattern showed up the most. ask for a login system and you get the one it saw a thousand times: no session, no authz, no validation. vague instructions inherit the worst defaults. #VibeCoding #LLMSecurity #DevSecOps
-
⛓️💥 TeamPCP-linked “Shai-Hulud” tooling has reportedly been open sourced and briefly uploaded to GitHub before being removed. According to underground sources, mirrors of the archive are now circulating through alternative file-sharing platforms and underground repositories. At this stage, the authenticity, completeness, and operational capability of the leaked package remain unverified.

Initial observations suggest:
• Archive size appears extremely small, around 0.14 MB
• The package may represent a partial release, PoC, loader, or symbolic publication
• Full operational tooling may not be included
• Rapid GitHub removal may indicate abuse/TOS enforcement or malicious-content reporting

Even limited releases can still expose valuable tradecraft, including attack automation logic, infrastructure patterns, persistence methods, deployment workflows, and reusable scripts that may lower the barrier for copycat activity. ThreatMon will continue monitoring underground redistribution, mirrors, and related infrastructure for validation and emerging indicators. #ThreatMon #CyberThreatIntelligence #ThreatIntelligence #DarkWebMonitoring #GitHubAbuse #Malware #TeamPCP #ShaiHulud #CTI
-
Unusual cloning. Unexpected geolocations. Anomalous hours of operation. Each signal matters. But the key is when they all happen together, in sequence, on the same credential. That's when you've truly found something malicious. We built BlueFlag around that idea from day one. The codebase is the next crown jewel. Risky behavior and toxic combination detection was created to protect it — and to give security teams a chance to act before the press release goes out. The GitHub breach is exactly the scenario we built this for.