Bottom line: Malware exploits compromised npm packages and manipulated GitHub Actions to exfiltrate tokens and credentials directly from CI/CD environments and developer repositories.
Security researchers at Socket have documented a coordinated campaign in which the malware families Mini Shai-Hulud, Miasma, and Hades infiltrate npm packages, GitHub workflows, and Go modules to steal developer credentials and cloud secrets.
The npm registry was infiltrated with malicious package versions of LeoPlatform and RStreams. Socket researchers determined that the developer account “czirker” was compromised using stolen credentials, allowing attackers to upload manipulated versions within seconds. The malware uses the binding.gyp configuration file to execute malicious code during package installation. It then downloads the Bun runtime and launches a spyware program that extracts credentials and tokens.
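The install-time hook described above is worth checking for mechanically before a package is allowed into a build: npm runs lifecycle scripts such as `postinstall` on installation, and a package that ships a `binding.gyp` without an explicit `install` script is rebuilt with `node-gyp rebuild`, whose gyp `actions` entries can run arbitrary commands. The following audit script is an added example (not code from the page, from Socket, or from the affected packages); the package name, file list, and `binding.gyp` contents are constructed placeholders.

```python
import ast
import json

# npm lifecycle hooks that execute during `npm install` of a dependency
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Constructed sample package metadata; "example-native-addon" is a placeholder name
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-native-addon",
    "version": "1.2.3",
    "scripts": {"test": "node test.js", "postinstall": "node ./scripts/setup.js"},
})
SAMPLE_FILES = ["package.json", "index.js", "binding.gyp", "scripts/setup.js"]

# Constructed binding.gyp; gyp files use Python literal syntax (single quotes,
# trailing commas, # comments), so they can be parsed with ast.literal_eval
SAMPLE_BINDING_GYP = """
# build description for the constructed sample addon
{
  'targets': [
    {
      'target_name': 'addon',
      'sources': ['src/addon.cc'],
      'actions': [
        {
          'action_name': 'fetch_runtime',
          'inputs': [],
          'outputs': ['fetched.marker'],
          'action': ['node', 'scripts/fetch-runtime.js'],
        },
      ],
    },
  ],
}
"""


def gyp_actions(gyp_text):
    """Return (action_name, command list) for every gyp 'actions' entry."""
    # drop comment-only lines before evaluating the literal
    body = "\n".join(l for l in gyp_text.splitlines() if not l.lstrip().startswith("#"))
    data = ast.literal_eval(body.strip())
    found = []
    for target in data.get("targets", []):
        for act in target.get("actions", []):
            found.append((act.get("action_name", "?"), list(act.get("action", []))))
    return found


def audit_npm_package(package_json_text, files, binding_gyp_text=None):
    """List every way this package can run code during installation."""
    pkg = json.loads(package_json_text)
    scripts = pkg.get("scripts", {})
    findings = []
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append({"kind": "lifecycle-script", "hook": hook, "command": scripts[hook]})
    if "binding.gyp" in files:
        if "install" not in scripts:
            # no explicit install script: npm substitutes `node-gyp rebuild`,
            # which makes binding.gyp itself an install-time hook
            findings.append({"kind": "implicit-node-gyp", "hook": "install",
                             "command": "node-gyp rebuild"})
        if binding_gyp_text:
            for name, cmd in gyp_actions(binding_gyp_text):
                findings.append({"kind": "gyp-action", "hook": name, "command": " ".join(cmd)})
    return findings


if __name__ == "__main__":
    for f in audit_npm_package(SAMPLE_PACKAGE_JSON, SAMPLE_FILES, SAMPLE_BINDING_GYP):
        print(f"{f['kind']:18} {f['hook']:14} {f['command']}")
```

Run against a freshly downloaded tarball before it reaches a build host, the output is the list of commands that will execute on `npm install`; a package whose findings are all expected (a known native addon compiling its own sources) can be allowed, while a new lifecycle script or gyp action in a patch release is exactly the change the compromised versions above introduced. Installing with `--ignore-scripts` in CI blocks the lifecycle hooks but not code that a later `require` of the package runs.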
A central attack vector targeting GitHub Actions is the “Run Copilot” workflow, which extracts sensitive data directly from the CI/CD environment’s memory and then uploads it to public GitHub repositories. StepSecurity also documented a compromise of the widely used GitHub Action codfish/semantic-release-action: on June 24, 2026 at 15:39:06 UTC, attackers forced a malicious commit into the repository and redirected multiple version tags to it. Any system that executed these tags after this timestamp became infected with the payload, which among other things harvested GitHub OIDC tokens.
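Redirecting version tags only works against workflows that reference an action by a mutable tag or branch; a workflow pinned to a full commit SHA keeps resolving to the reviewed commit. The following audit is an added example (not code from the page or from StepSecurity) that scans workflow YAML for `uses:` references and reports those not pinned to a 40-character commit SHA. The sample workflow is constructed, and the SHA in it is a placeholder, not a real commit.

```python
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# matches `uses:` at any indentation, as a list item or a mapping key, quoted or not
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")

# Constructed workflow; the 40-char "1111..." value stands in for a real commit SHA
SAMPLE_WORKFLOW = """name: release
on: [push]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1111111111111111111111111111111111111111
      - uses: codfish/semantic-release-action@v3
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - name: no ref at all
        uses: some-org/some-action
"""


def classify_uses(target):
    """Return (kind, ref) describing how an action reference is pinned."""
    if target.startswith("./"):
        return "local", None            # ships with the repo; reviewed with the code
    if target.startswith("docker://"):
        # container images are immutable only when referenced by digest
        return ("docker-pinned" if "@sha256:" in target else "docker-mutable"), target
    if "@" not in target:
        return "no-ref", None            # resolves to the default branch at run time
    _, ref = target.rsplit("@", 1)
    if SHA_RE.match(ref):
        return "pinned-sha", ref
    return "mutable-ref", ref            # tag or branch: can be re-pointed by the owner


def find_unpinned_uses(workflow_text):
    """Return every action reference that can change without a workflow edit."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        kind, ref = classify_uses(target)
        if kind in ("mutable-ref", "no-ref", "docker-mutable"):
            findings.append({"line": lineno, "uses": target, "kind": kind, "ref": ref})
    return findings


if __name__ == "__main__":
    for f in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {f['line']:3}: {f['kind']:14} {f['uses']}")
```

Pointed at `.github/workflows/*.yml` across an organisation, the script produces the list of references that a tag redirection like the one above would silently change. Pinning fixes the commit that runs, not its contents, so the pinned SHA still has to be reviewed when it is bumped; tools that manage such bumps typically keep the human-readable tag in a trailing `# v3` comment, which the regex above deliberately ignores.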
The campaign is not limited to JavaScript ecosystems: malware variants infiltrate Go modules from the Verana blockchain project. Unlike npm packages, installation scripts are not used here; instead, malicious code is executed via project configurations as soon as a developer clones the repository or opens it in an IDE or AI-powered programming assistant.
Analysis by Endor Labs and OX Security shows that the Hades variant searches GitHub hourly for specific commit patterns to update itself. Particularly critical for CISOs is JFrog’s finding that the compromised package sets are tightly interwoven with cloud-native and serverless workflows. Compromise at this level therefore also jeopardizes downstream software users in the supply chain.
Source: www.it-daily.net · Published June 29, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.