GhostAction GitHub supply chain attack compromises 3,325 secrets

A supply chain attack targeting the npm registry has compromised over 187 packages maintained by multiple developers. The attack uses a malicious script (bundle.js) to steal credentials from developer machines. The compromised packages include various npm modules used in different projects. The attack is capable of targeting both Windows and Linux systems. The malicious script scans for secrets using TruffleHog's credential scanner and transmits them to an external server controlled by the attackers. Developers are advised to audit their environments and rotate credentials if the affected packages are present.

A supply chain attack compromised multiple npm packages with over 2.6 billion weekly downloads. Attackers injected malicious code into these packages after hijacking a maintainer's account via phishing. The malware targets web-based cryptocurrency transactions, redirecting them to attacker-controlled wallets. The attack was detected and mitigated by the NPM team, who removed the malicious versions within two hours. The phishing campaign targeted multiple maintainers, using a fake domain to trick them into updating their 2FA credentials. The malicious code operates by hooking into JavaScript functions and wallet APIs, intercepting and altering cryptocurrency transactions. The attack impacts users who installed the compromised packages during a specific time window and have vulnerable dependencies. The attack targeted Josh Junon, also known as Qix, who received a phishing email mimicking npm. The phishing email prompted the maintainer to enter their username, password, and 2FA token, which were stolen via an adversary-in-the-middle (AitM) attack. The attack affected 20 packages, including ansi-regex, chalk, debug, and others, with over 2 billion weekly downloads. The malware intercepts cryptocurrency transaction requests by computing the Levenshtein distance to swap the destination wallet address. The payload hooks into window.fetch, XMLHttpRequest, and window.ethereum.request, along with other wallet provider APIs. The attack also compromised another maintainer, duckdb_admin, to distribute the same wallet-drainer malware. The affected packages from the second maintainer include @coveops/abi, @duckdb/duckdb-wasm, and prebid, among others. The attack impacted roughly 10% of all cloud environments. The attackers diverted five cents worth of ETH and $20 worth of a virtually unknown memecoin. The attacker’s wallet addresses holding significant amounts have been flagged, limiting their ability to convert or use the funds.

Salesloft has taken Drift offline due to a security incident involving the theft of OAuth tokens and unauthorized access to Salesforce data. The breach began with the compromise of Salesloft's GitHub account, affecting multiple major tech companies, including Cloudflare, Google Workspace, PagerDuty, Palo Alto Networks, Proofpoint, SpyCloud, Tanium, Tenable, Zscaler, Tenable, Qualys, Rubrik, Spycloud, BeyondTrust, CyberArk, Elastic, Dynatrace, Cato Networks, and BugCrowd. The incident was attributed to a threat cluster tracked as UNC6395 and GRUB1. The breach occurred on September 5, 2025, affecting the marketing software-as-a-service product Drift. The attackers exploited vulnerabilities to steal authentication tokens, leading to unauthorized access to sensitive data. Salesloft has temporarily disabled Drift to conduct a comprehensive review and enhance security measures. The ShinyHunters extortion gang and threat actors claiming to be Scattered Spider were involved in the Salesloft Drift attacks, in addition to the previous Salesforce data theft attacks. The threat actors primarily focused on stealing support cases from Salesforce instances, which were then used to harvest credentials, authentication tokens, and other secrets shared in the support tickets. The threat actors' primary objective was to steal credentials, specifically focusing on sensitive information like AWS access keys, passwords, and Snowflake-related access tokens. The number of impacted companies has been updated to 29. Cloudflare disclosed that some customer support cases stored in Salesforce included configuration settings and 104 Cloudflare API tokens. Salesforce restored integration with the Salesloft platform, except for the Drift app, which remains disabled until further notice. The breach also affected Qantas, where executives had their short-term compensation reduced by 15% due to a data breach that impacted approximately 5.7 million passengers.

A critical server-side request forgery (SSRF) vulnerability in Docker Desktop for Windows and macOS allows attackers to hijack the host system by running malicious containers. The flaw, identified as CVE-2025-9074, has a severity rating of 9.3. It enables unauthorized access to user files on the host system, even with Enhanced Container Isolation (ECI) enabled. The vulnerability was discovered by security researcher Felix Boulet, who demonstrated a proof-of-concept exploit that does not require code execution rights inside the container. The flaw affects Docker Desktop on Windows and macOS but not the Linux version. Docker released a patch in version 4.44.3. The exploit can be triggered by a web request from any container to the Docker Engine API at 192.168.65.7:2375 without authentication. The exploit involves posting a JSON payload to /containers/create to bind the host C:\ drive to a folder in the container and using a startup command to access host files. The exploit can be initiated by posting to /containers/{id}/start to launch the container and start the execution. The vulnerability allows an attacker to proxy requests through the vulnerable application and reach the Docker socket, enabling various HTTP request methods depending on the SSRF flaw. The article further elaborates on the differences in impact between the Windows and macOS versions of Docker Desktop, noting that macOS has additional safeguards that mitigate the risk compared to Windows. The vulnerability allows attackers to control containers, mount the host’s file system, and escalate privileges to those of an administrator. On Windows, an attacker could exploit the flaw to mount the host’s file system and overwrite a system DLL to obtain administrative privileges on the host. The macOS version of the application can be exploited to take full control of other containers, or to backdoor the Docker app by mounting and modifying its configuration. A variant of a recently disclosed campaign abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. The attack chain involves breaking into misconfigured Docker APIs to execute a new container based on the Alpine Docker image and mount the host file system into it. The threat actors run a Base64-encoded payload to download a shell script downloader from a .onion domain. The shell script alters SSH configurations to set up persistence and installs tools such as masscan, libpcap, libpcap-dev, zstd, and torsocks. The dropper launches Masscan to scan the internet for open Docker API services at port 2375 and propagate the infection. The binary includes checks for ports 23 (Telnet) and 9222 (remote debugging port for Chromium browsers) for potential future exploitation. The malware utilizes a Go library named chromedp to interact with the web browser and siphon cookies and other private data. The malware transmits details to an endpoint named "httpbot/add," indicating potential botnet activity. The attackers also block external access to the exposed Docker API by writing a command in the crontab file to create a cron job that executes every minute. The attackers deploy tools to perform mass scans for other open 2375 ports, which are used for malware propagation through the creation of new containers using the identified exposed APIs. The attackers' scripts scan for two additional open ports, namely 23 (Telnet) and 9222 (remote debugging for Chromium browsers). The attackers use a modified Alpine Linux image that includes a base64-encoded shell command to execute the payload. The container executes the decoded shell command, which installs curl and tor, launches a Tor daemon in the background, and waits for the confirmation of the connection by accessing Amazon's checkip.amazonaws.com service over a SOCKS5 proxy. The docker-init.sh script enables persistent SSH access by appending an attacker-controlled public key to /root/.ssh/authorized_keys on the mounted host filesystem. The docker-init.sh script writes a base64-encoded cron job on the host, which executes every minute and blocks external access to port 2375 using whichever firewall utility is available. The malware downloads a Zstandard-compressed Go binary over Tor, decompresses it to /tmp/system, grants execute permissions, and runs it. The Go binary functions as a dropper, extracting and executing an embedded second-stage binary, and parses the host’s utmp file to identify logged-in users. The binary scans for other exposed Docker APIs, attempts to infect them via the same container creation method, and removes competitor containers after gaining access.

Threat actors, including the China-linked APT41 group, are exploiting commercial virtual private server (VPS) infrastructure to quickly and stealthily set up attack infrastructure. This tactic has been observed in coordinated SaaS account compromises across multiple customer environments and in targeted cyber espionage campaigns against U.S. trade officials. The abuse of VPS services allows attackers to bypass geolocation-based defenses, evade IP reputation checks, and blend into legitimate behavior. The attacks involved brute-force attempts, anomalous logins, phishing campaign-related inbox rule creation, and impersonation tactics. In notable incidents, attackers successfully compromised accounts by exploiting VPS services from providers such as Hyonix, Host Universal, Mevspace, and Hivelocity. The attackers deleted phishing emails and created obfuscated email rules to conceal their activities. The use of VPS infrastructure enables attackers to rapidly deploy infrastructure, making it difficult for defenders to track and respond to threats. The impersonation of U.S. Rep. John Moolenaar was part of a larger espionage campaign targeting U.S. trade officials. The campaign involved spear-phishing attacks impersonating a U.S. Congressman to gain unauthorized access to systems and sensitive information. The attacks exploited developer tools to create hidden pathways and siphon data to attacker-controlled servers.