Compromise of Ruby gems and Go modules via poisoned packages leads to credential theft and CI pipeline manipulation

2 unique sources, 3 articles

Summary

A dual-pronged software supply chain attack continues to unfold, with initial compromise via poisoned Ruby gems and Go modules tied to the GitHub account “BufferZoneCorp” for credential theft and CI pipeline manipulation. Concurrently, the GemStuffer campaign abuses the RubyGems registry as a data transport channel, embedding scraped content from U.K. local government council portals (Lambeth, Wandsworth, Southwark) into more than 150 valid .gem archives and republishing them using hardcoded API keys. New vendor research highlights automated scraper-worm mechanics, noisy but intentional execution indicative of testing or registry abuse, and direct API uploads bypassing the gem CLI. Security teams are advised to audit /tmp folders, block unauthorized gem pushes in CI pipelines, and lock down systems allowed to publish to public registries.

Timeline

  1. 13.05.2026 11:08 2 articles · 1d ago

    GemStuffer campaign abuses RubyGems registry to exfiltrate and store U.K. council portal data

    Researchers uncovered a new campaign codenamed GemStuffer that abused over 150 RubyGems as a storage channel, packaging scraped content from U.K. local government council portals (Lambeth, Wandsworth, Southwark) into valid .gem archives and republishing them to RubyGems using hardcoded API keys. Variants created temporary credential environments and pushed directly via the gem CLI or the RubyGems API, demonstrating registry abuse and raising concerns about capability testing against government infrastructure. New vendor reporting from Socket further details automated scraper-worm mechanics, noisy but intentional execution indicative of testing or registry abuse rather than conventional malware distribution, and direct API uploads bypassing the gem CLI. Security guidance includes auditing /tmp folders, blocking unauthorized gem pushes in CI pipelines, and tightening publishing workflow controls.

  2. 01.05.2026 12:43 2 articles · 13d ago

    Poisoned Ruby gems and Go modules linked to credential theft and SSH persistence in CI pipelines

    Malicious packages published under "BufferZoneCorp" on GitHub were distributed via RubyGems and Go modules, including sleeper packages, to harvest credentials and manipulate CI workflows. Ruby gems targeted credential theft during installation, while Go modules injected fake Go wrappers to intercept build steps and establish SSH persistence. Packages have been removed from distribution channels following discovery.


Similar Happenings

Cross-Platform Supply Chain Attack Expands with Mini Shai-Hulud Malware via PyPI and npm Ecosystems

The Mini Shai-Hulud supply chain attack has escalated into a multi-ecosystem campaign, now confirmed to have breached OpenAI’s internal systems via compromised TanStack packages. Two OpenAI employees’ devices were infected, resulting in limited credential theft from internal repositories but no impact on customer data, production systems, or deployed software. OpenAI responded by isolating systems, rotating credentials, and updating code-signing certificates for macOS applications, requiring user updates by June 12, 2026. The attack initially targeted TanStack and Mistral AI, spreading to UiPath, Guardrails AI, and OpenSearch through stolen CI/CD credentials and legitimate GitHub Actions workflows. Researchers identified hundreds of compromised npm and PyPI packages (373 npm package-version entries across 169 names, with at least double that number across organizations) designed to steal developer credentials, self-propagate via compromised maintainer accounts, and abuse trusted publishing workflows. The malware employs heavily obfuscated JavaScript payloads with Bun-based execution, targets IDE integrations for persistence, and includes destructive sabotage components on Linux systems. Threat actors, assessed as TeamPCP, continue refining tactics to maximize reach and evade detection, underscoring the urgency for credential rotation and provenance verification across ecosystems.

Self-propagating North Korean job-scam malware spreads via compromised developer projects in software supply chain

A North Korean state-aligned actor has transformed fake job recruitment scams into a self-propagating supply-chain attack dubbed "Contagious Interview" that infects developer workstations and propagates via compromised repositories. Void Dokkaebi (aka Famous Chollima) abuses legitimate development workflows by luring developers with fake interviews, then delivering malware via malicious VS Code tasks or hidden payloads in fonts/images. Once committed to Git repositories, the infection spreads to downstream contributors, creating a worm-like chain reaction. Developers’ credentials, crypto wallets, CI/CD pipelines, and production infrastructure are primary targets. Newly identified activity connected to the same actor’s PromptMink campaign targets cryptocurrency developers via malicious npm packages, including @validate-sdk/v2, co-authored by an AI coding assistant. The layered package strategy uses legitimate-looking tools to hide malicious payloads, with payloads evolving from credential theft to broader data exfiltration, persistence mechanisms, and cross-platform binaries. Over 60 packages and 300+ versions have been identified across seven months, with evidence of LLM integration in malware development.

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Supply chain compromise in the Trivy vulnerability scanner triggered the CanisterWorm propagation across CI/CD pipelines, now expanding to additional open-source ecosystems and involving multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) and Cisco confirming collaboration and horizontal movement across cloud environments. A new npm supply chain malware campaign discovered on April 24, 2026, shows self-propagating worm-like behavior via @automagik/genie and pgserve packages, stealing credentials and spreading across developer ecosystems while using Internet Computer Protocol (ICP) canisters for command and control. The malware shares technical similarities with prior TeamPCP campaigns, including post-install scripts and canister-based infrastructure, potentially indicating ongoing evolution of the threat actor's tactics or a new campaign leveraging established infrastructure. The Axios NPM package compromise via malicious versions 0.27.5 and 0.28.0 delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with attribution disputes suggesting either TeamPCP involvement or North Korean actor UNC1069 (Google's Threat Intelligence Group). Cisco's internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories including proprietary AI product code and customer data from banks, BPOs, and US government agencies. Multiple AWS keys were abused across a subset of Cisco's cloud accounts, with multiple threat actors participating in the breach.

TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks

TeamPCP has escalated its multi-vector CanisterWorm campaign into a geopolitically targeted operation, now confirmed to have leveraged the Trivy supply-chain attack as an access vector for the Checkmarx compromise. The group compromised PyPI packages (LiteLLM versions 1.82.7–1.82.8 and Telnyx versions 4.87.1–4.87.2) and Checkmarx KICS tooling to deliver credential-stealing malware, harvesting SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. Checkmarx has publicly confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository, with access facilitated by the Trivy compromise attributed to TeamPCP. The leaked data, published on both dark web and clearnet portals, did not contain customer information, and Checkmarx has blocked access to the affected repository pending forensic investigation. The campaign’s scope expanded from initial npm package compromises to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and CI/CD pipeline targeting, while destructive payloads in Iranian Kubernetes environments highlight TeamPCP’s geopolitical alignment. On May 9, 2026, TeamPCP published a malicious version of the Checkmarx Jenkins AST plugin (2.0.13-829.vc72453fa_1c16) to the Jenkins Marketplace, defacing the plugin’s GitHub repository with pro-TeamPCP messaging. The compromise was facilitated using credentials stolen in the March 2026 Trivy supply-chain attack and occurred outside the plugin’s official release pipeline, lacking a git tag or GitHub release. Checkmarx isolated its GitHub repositories from customer environments and stated no customer data was stored in them. Users are advised to use version 2.0.13-829.vc72453fa_1c16 published on December 17, 2025, or older.

Malicious dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Legitimate dYdX-related packages on npm and PyPI have been compromised to distribute malicious versions that steal cryptocurrency wallet credentials and execute remote access trojans (RATs). The compromised packages target JavaScript and Python ecosystems, with different payloads for each. The attack is suspected to involve developer account compromise, allowing threat actors to push malicious updates using legitimate credentials. The affected packages include @dydxprotocol/v4-client-js (npm) versions 3.4.1, 1.22.1, 1.15.2, and 1.0.31, and dydx-v4-client (PyPI) version 1.1.5post1. The malicious code targets core registry files and uses obfuscation techniques to evade detection. Users are advised to isolate affected machines, move funds to new wallets from clean systems, and rotate all API keys and credentials. This incident highlights a persistent pattern of supply chain attacks targeting dYdX-related assets.