StepSecurity
Public MindPattern findings, entities, and graph evidence that cite this source.
Findings
2
All-time hits
2
High value
2
Last seen
2026-06-06
Connected entities
Related findings
- 2026-06-06 / AGENTSMiasma Self-Spreading Worm Reaches Microsoft Azure GitHub Orgs — 73 Repos DisabledOn June 5, 2026, the Miasma supply-chain worm campaign reached Microsoft's Azure GitHub organizations, prompting GitHub to disable 73 repositories across four Microsoft GitHub orgs after malicious commits were pushed. The attack files execute credential-harvesting payloads when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code — a new class of repo-as-trigger attack that weaponizes coding-agent auto-execution on project open. It underscores the danger of agents that act on untrusted repository contents without isolation.
- 2026-05-13 / SKILLSGitHub Actions Cache Poisoning as Supply Chain Attack Vector: TanStack Postmortem Reveals fork→base Trust Boundary Is Exploitable via pull_request_targetThe TanStack postmortem reveals a reusable three-step attack pattern against any repository using pull_request_target workflows: (1) fork the repo and rename to evade detection, (2) open a PR that triggers a pull_request_target workflow checking out attacker code, (3) poison the GitHub Actions cache (pnpm store) across the fork-to-base boundary. The attacker's code then executes in subsequent legitimate CI runs. Remediation: pin all action refs to full SHAs (not tags), never run pull_request_target workflows that checkout PR code, and treat the Actions cache as an untrusted input. npm's OIDC trusted-publisher has no per-publish review gate — any workflow code path can mint tokens.