Threat Alerts

GitHub confirmed a significant internal security breach after a threat actor gained access through a malicious code editor extension installed on an employee’s device. The attackers later advertised the breach on a cybercrime forum, claiming to have exfiltrated approximately 3,800 to 4,000 private internal repositories and offering the stolen data for sale while threatening public disclosure if no buyer emerged. The compromise was detected after security teams identified the trojanized extension, prompting immediate containment through removal of the malicious component, isolation of the affected endpoint, and incident response. Current findings indicate the attacker’s activity was limited to internal repository exfiltration, with no evidence of customer data exposure outside the affected repositories. However, unauthorized access to private source code repositories raises significant concerns around exposure of proprietary application logic, deployment configurations, embedded credentials, API keys, and infrastructure artifacts that could facilitate follow-on attacks. The threat actor linked to the incident has a known history of supply chain attacks targeting developer ecosystems, including package registries and software distribution platforms. Malicious extensions distributed through official code editor marketplaces remain an effective intrusion vector due to the privileged access they inherit within developer environments, including source code visibility, terminal execution context, authentication tokens, and connected infrastructure credentials. Similar campaigns have previously used rogue extensions for credential theft, ransomware deployment, and sensitive data exfiltration, reinforcing that trusted developer tooling remains a high-value attack surface for broader enterprise and software supply chain compromise.

Recent research uncovered a sophisticated cloud-focused intrusion campaign conducted by the threat actor Storm-2949, which leveraged social engineering and the abuse of Microsoft Entra ID Self-Service Password Reset (SSPR) workflows to compromise high-value user accounts. By manipulating users into approving fraudulent MFA requests, the attackers reset passwords, removed existing authentication methods, and registered their own MFA devices to maintain persistent access.

Following the initial identity compromise, Storm-2949 conducted large-scale discovery and data exfiltration operations across Microsoft 365 and Azure environments. The threat actor abused legitimate cloud administration features and Azure RBAC permissions to access SharePoint, OneDrive, Azure Storage accounts, SQL servers, Azure App Services, and Key Vaults containing sensitive credentials and production secrets. The attackers also manipulated firewall and network configurations to facilitate data exfiltration while attempting to evade detection.

The campaign further escalated through the abuse of Azure VM management features, including Run Command and VMAccess extensions, to deploy ScreenConnect remote management software, weaken Microsoft Defender protections, perform credential harvesting, and establish persistent remote access. Microsoft noted that the threat actor relied heavily on legitimate cloud management functionality rather than traditional malware, allowing malicious activity to blend into normal administrative behavior and making detection significantly more challenging.

A malicious Go module was discovered impersonating a widely used arbitrary precision decimal library, differing from the legitimate package by a single character in its name. The typosquatted module had been present in the Go ecosystem since 2017 and was weaponized in August 2023, when a new version introduced a malicious init() function that opens a DNS TXT record command-and-control channel to a threat actor-controlled subdomain on a free dynamic DNS provider. The legitimate library has over 38,000 known importers, making it a high-value target for this kind of single-character substitution attack. The dwell time between weaponization and disclosure spans roughly 33 months, placing a long upper bound on potential exposure for any project that pulled an unverified version during that window.
The attacker published multiple benign releases over several years, mirroring upstream version cadence to give the package the appearance of a maintained fork rather than a staged supply chain attack, before eventually weaponizing it. This is a known “trust-then-poison” pattern, where a clean release is shipped to establish recent activity, then the malicious release follows within minutes — ensuring that any developer who reviewed the package recently sees a legitimate-looking commit alongside the malicious one. Go’s package initialization model guarantees that every init() function runs before any exported function becomes callable, meaning simply importing the module anywhere in a project’s dependency graph is enough to start the malicious loop, which polls for commands via DNS TXT records every five minutes.
Each TXT value returned by the command-and-control subdomain is passed directly to a system execution call, with output captured and discarded. DNS TXT serves as a covert channel rather than a transport, as TXT lookups resemble normal DNS activity to most egress controls, including environments that block outbound HTTP. Every machine that imports the malicious module and runs the resulting binary — including CI runners, developer workstations, and production hosts — executes the backdoor for the lifetime of the process, granting the operator on-demand command execution with the same privileges as whatever binary imported the package. The Go Module Proxy continues to serve all published versions of a module indefinitely as part of its reproducibility guarantee, meaning the malicious release remained permanently accessible even after the source repository was deleted.

A software supply chain attack targeting the @antv npm ecosystem was identified after threat actors compromised a maintainer account and published malicious package versions. The attack, showing similarities to the previously observed Shai Hulud malware campaigns, propagated through downstream dependencies, significantly expanding exposure across developer environments, CI/CD pipelines, and cloud workloads. The malicious payload executed automatically during the npm installation process via a preinstall hook and specifically targeted GitHub Actions environments running on Linux systems.

The malware was designed to steal credentials and secrets from multiple platforms, including GitHub, AWS, Kubernetes, HashiCorp Vault, npm, and CI/CD environments. Researchers observed the malware scraping secrets directly from GitHub Actions Runner memory, bypassing standard secret masking protections. Additional capabilities included privilege escalation, DNS manipulation, encrypted exfiltration to attacker-controlled infrastructure, and self-propagation mechanisms intended to compromise additional repositories and npm packages using stolen credentials.

The campaign also abused GitHub APIs and public repositories for covert data exfiltration and attempted to forge SLSA provenance attestations to make malicious artifacts appear legitimate. GitHub responded by removing hundreds of malicious packages and revoking more than 61,000 npm tokens with elevated publishing permissions and 2FA bypass capabilities.

A newly disclosed Linux local privilege escalation vulnerability dubbed PinTheft has emerged with a publicly available proof-of-concept exploit, raising concerns for systems with exposed vulnerable configurations. The flaw resides in the Linux kernel’s Reliable Datagram Sockets (RDS) subsystem and can allow local attackers to escalate privileges to root under specific conditions. While the exposure is configuration-dependent, systems where the affected kernel module is loaded by default face elevated risk, making timely patching critical for impacted Linux environments.

The vulnerability stems from a flaw in the RDS zerocopy send path, where pinned user memory pages are improperly released during fault handling, creating a double-free condition. By repeatedly triggering failed zerocopy send operations, an attacker can gradually manipulate memory reference counts, ultimately enabling controlled page cache corruption and privilege escalation to root. Successful exploitation requires several prerequisites, including the RDS kernel module being loaded, io_uring enabled, presence of a readable SUID-root binary and an x86_64 architecture. Among commonly tested distributions, Arch Linux presents the highest default exposure due to automatic loading of the vulnerable module, whereas most enterprise-focused Linux distributions do not enable it by default. Although no CVE has yet been assigned, a kernel patch is available and the existence of a working public exploit significantly increases the urgency for remediation.

Google has released an urgent security update for Google Chrome addressing 16 vulnerabilities, including multiple critical and high-severity flaws that could enable remote code execution (RCE), memory corruption, sandbox compromise, and browser security bypass through specially crafted web content. The most severe vulnerabilities include CVE-2026-9111, a critical Use-After-Free vulnerability in WebRTC that could allow attackers to corrupt memory and potentially achieve remote code execution via a malicious webpage, and CVE-2026-9110, an inappropriate implementation flaw in the Chrome UI layer that may enable spoofing of browser interface elements or bypass of security restrictions. Additional high-severity vulnerabilities patched in the release include CVE-2026-9119 (CVSS 8.8), a Heap Buffer Overflow vulnerability in WebRTC, and CVE-2026-9120, another Use-After-Free flaw affecting WebRTC functionality. Google also addressed several additional high-severity memory corruption vulnerabilities, including CVE-2026-9114 (Use-After-Free in QUIC), CVE-2026-9112 (Use-After-Free in GPU), CVE-2026-9118 (Use-After-Free in XR), CVE-2026-9117 (Type Confusion in GFX), and CVE-2026-9116 involving insufficient policy enforcement within Service Workers.

Several of the vulnerabilities affect core browser components responsible for rendering, real-time communication, graphics processing, and memory management, creating potential exploit chains that may facilitate arbitrary code execution, renderer compromise, or browser sandbox bypass. In particular, the concentration of Use-After-Free and heap corruption vulnerabilities within WebRTC and graphics-related components increases the risk of memory manipulation attacks through malicious HTML and JavaScript content. Google stated that technical details regarding the vulnerabilities will remain restricted until a majority of users receive the update, reducing the likelihood of rapid weaponization during the patch rollout period.