AWS CodeBuild Misconfiguration Enables Supply Chain Attack Path

Microsoft's December 2025 Patch Tuesday addresses 56 vulnerabilities, including three zero-days. One zero-day (CVE-2025-62221) is actively exploited, allowing privilege escalation in Windows Cloud Files Mini Filter Driver. Two other zero-days (CVE-2025-64671, CVE-2025-54100) are publicly disclosed, affecting GitHub Copilot for JetBrains and PowerShell. The updates also fix 3 critical remote code execution vulnerabilities. Additionally, Microsoft released the KB5071546 extended security update for Windows 10 Enterprise LTSC and ESU program participants, addressing the same vulnerabilities and updating Windows 10 to build 19045.6691 and Windows 10 Enterprise LTSC 2021 to build 19044.6691. The update includes a fix for CVE-2025-54100, a remote code execution zero-day vulnerability in PowerShell, and introduces a confirmation prompt with a security warning for script execution risk when using the Invoke-WebRequest command in PowerShell 5.1. Microsoft patched a total of 1,275 CVEs in 2025, according to data compiled by Fortra. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-62221 to the Known Exploited Vulnerabilities (KEV) catalog, mandating FCEB agencies to apply the patch by December 30, 2025. The remaining two zero-days, CVE-2025-54100 and CVE-2025-64671, are part of a broader set of security vulnerabilities collectively named IDEsaster, affecting multiple AI coding platforms.

A critical misconfiguration flaw in Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier is under active exploitation. The flaw, CVE-2025-54253, allows arbitrary code execution via an exposed servlet. Adobe released a patch in August 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies must apply the necessary fixes by November 5, 2025. The flaw was discovered by Adam Kues and Shubham Shah of Searchlight Cyber, who disclosed it to Adobe on April 28, 2025. The flaw is caused by an exposed /adminui/debug servlet that evaluates user-supplied OGNL expressions as Java code without authentication or input validation. This enables attackers to execute arbitrary system commands with a single crafted HTTP request. A proof-of-concept exploit is publicly available.

The GhostAction supply chain attack compromised 3,325 secrets from GitHub repositories. The attack, discovered by GitGuardian on September 2, 2025, involved malicious commits to GitHub Actions workflows that exfiltrated secrets to an external domain. The first signs of compromise were detected in the FastUUID project. The attack affected at least 817 repositories and targeted multiple package ecosystems, including PyPI, npm, DockerHub, and AWS keys. The exfiltration endpoint was taken down shortly after the campaign's discovery. The compromised secrets included PyPI tokens, npm tokens, DockerHub tokens, GitHub tokens, Cloudflare API tokens, AWS access keys, and database credentials. The attack impacted at least nine npm and 15 PyPI packages, potentially allowing for the release of malicious or trojanized versions. The Python Software Foundation invalidated all PyPI tokens stolen in the attack, confirming that the threat actors did not abuse them to publish malware. GitGuardian notified the security teams of GitHub, npm, and PyPI and opened issues in 573 impacted repositories. A hundred repositories had already detected and reverted the malicious changes before the full scope of the campaign was uncovered. GitGuardian notified PyPI on September 5, 2025, but the email ended up in the spam folder, delaying the response until September 10, 2025. PyPI advised maintainers to replace long-lived tokens with short-lived Trusted Publishers tokens and review their security history for any suspicious activity.

The Shai-Hulud worm, a self-replicating malware, has compromised at least 187 npm packages, affecting multiple maintainers. The attack uses a self-propagating mechanism to infect other packages by the same maintainer, modifying package.json, injecting a bundle.js script, repacking the archive, and republishing it. The malware uses TruffleHog to search the host for tokens and cloud credentials, creating unauthorized GitHub Actions workflows within repositories and exfiltrating sensitive data to a hardcoded webhook endpoint. The attack is named 'Shai-Hulud' after the shai-hulud.yaml workflow files used by the malware and follows the 's1ngularity' attack, potentially orchestrated by the same attackers. The attack unfolded in three phases, impacting 2,180 accounts and 7,200 repositories. The first phase, between August 26 and 27, directly impacted 1,700 users, leaking over 2,000 unique secrets and exposing 20,000 files. The second phase, between August 28 and 29, compromised an additional 480 accounts, mostly organizations, and exposed 6,700 private repositories. The third phase, beginning on August 31, targeted a single victim organization, publishing an additional 500 private repositories. The attackers used AI-powered CLI tools like Claude, Q, and Gemini to dynamically scan for high-value secrets, tuning the prompts for better success. A second wave of attacks, dubbed Sha1-Hulud, has compromised hundreds of npm packages. This new campaign introduces a variant that executes malicious code during the preinstall phase, increasing potential exposure in build and runtime environments. The attackers add a preinstall script (setup_bun.js) in the package.json file, which installs or locates the Bun runtime and runs a bundled malicious script (bun_environment.js). The malicious payload registers the infected machine as a self-hosted runner named SHA1HULUD and adds a workflow called .github/workflows/discussion.yaml. The malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables. Wiz researchers identified over 25,000 affected repositories across about 350 unique users, with 1,000 new repositories being added consistently every 30 minutes in the last couple of hours. The second wave is more aggressive, with the malware attempting to destroy the victim's entire home directory if it fails to authenticate or establish persistence. The wiper-like functionality is triggered only if the malware cannot authenticate to GitHub, create a GitHub repository, fetch a GitHub token, or find an npm token. Organizations are urged to scan all endpoints for impacted packages, remove compromised versions, rotate all credentials, and audit repositories for persistence mechanisms. The new Shai-Hulud worm targets popular projects like Zapier and PostHog. The new version can infect up to 100 npm packages, compared to 20 in the previous version. The malware has an unusual structure, split into two files to evade detection. The first file checks for and installs a non-standard 'bun' JavaScript runtime, while the second file is a massive malicious source file that publishes stolen data to .json files in a randomly named GitHub repository. The size and structure of the file confuse AI analysis tools, causing inconsistent analysis results. The worm is scaling rapidly, with 1000 new repositories discovered every 30 minutes. The worm poses a significant risk to the software industry and end users, potentially leading to data breaches, ransomware footholds, and a loss of trust in the npm ecosystem. The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. A Maven Central package named org.mvnpm:posthog-node:4.18.1 was identified to embed the same two components associated with Sha1-Hulud: the 'setup_bun.js' loader and the main payload 'bun_environment.js'. The Maven Central package is not published by PostHog itself but is generated via an automated mvnpm process that rebuilds npm packages as Maven artifacts. The 'second coming' of the supply chain incident has targeted developers globally to steal sensitive data like API keys, cloud credentials, and npm and GitHub tokens. The latest iteration of the attack is more stealthy, aggressive, scalable, and destructive. The attack allows threat actors to gain unauthorized access to npm maintainer accounts and publish trojanized versions of their packages. When unsuspecting developers download and run these libraries, the embedded malicious code backdoors their own machines and scans for secrets and exfiltrates them to GitHub repositories using the stolen tokens. The attack accomplishes this by injecting two rogue workflows, one of which registers the victim machine as a self-hosted runner and enables arbitrary command execution whenever a GitHub Discussion is opened. A second workflow is designed to systematically harvest all secrets. Over 28,000 repositories have been affected by the incident. This version significantly enhances stealth by utilizing the Bun runtime to hide its core logic and increases its potential scale by raising the infection cap from 20 to 100 packages. It also uses a new evasion technique, exfiltrating stolen data to randomly named public GitHub repositories instead of a single, hard-coded one. The attacks illustrate how trivial it is for attackers to take advantage of trusted software distribution pathways to push malicious versions at scale and compromise thousands of downstream developers. The self-replication nature of the malware means a single infected account is enough to amplify the blast radius of the attack and turn it into a widespread outbreak in a short span of time. Further analysis by Aikido has uncovered that the threat actors exploited vulnerabilities, specifically focusing on CI misconfigurations in pull_request_target and workflow_run workflows, in existing GitHub Actions workflows to pull off the attack. The vulnerability used the risky pull_request_target trigger in a way that allowed code supplied by any new pull request to be executed during the CI run. A single misconfiguration can turn a repository into a patient zero for a fast-spreading attack, giving an adversary the ability to push malicious code through automated pipelines you rely on every day. It's assessed that the activity is the continuation of a broader set of attacks targeting the ecosystem that commenced with the August 2025 S1ngularity campaign impacting several Nx packages on npm. As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, credential breadth, and fallback destructive behavior, making it one of the most impactful supply chain attacks of the year. This malware shows how a single compromise in a popular library can cascade into thousands of downstream applications by trojanizing legitimate packages during installation. Data compiled by GitGuardian, OX Security, and Wiz shows that the campaign has leaked hundreds of GitHub access tokens and credentials associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure. More than 5,000 files were uploaded to GitHub with the exfiltrated secrets. GitGuardian's analysis of 4,645 GitHub repositories has identified 11,858 unique secrets, out of which 2,298 remained valid and publicly exposed as of November 24, 2025. Users are advised to rotate all tokens and keys, audit all dependencies, remove compromised versions, reinstall clean packages, and harden developer and CI/CD environments with least-privilege access, secret scanning, and automated policy enforcement. Sha1-Hulud is another reminder that the modern software supply chain is still way too easy to break. A single compromised maintainer and a malicious install script is all it takes to ripple through thousands of downstream projects in a matter of hours. The techniques attackers are using are constantly evolving. Most of these attacks don't rely on zero-days. They exploit the gaps in how open source software is published, packaged, and pulled into production systems. The only real defense is changing the way software gets built and consumed. The Shai-Hulud worm dynamically installs Bun during package installation to evade traditional defenses tuned specifically to observe Node.js behavior. GitGuardian's analysis revealed a total of 294,842 secret occurrences, which correspond to 33,185 unique secrets. Of these, 3,760 were valid as of November 27, 2025. The stolen secrets included GitHub access tokens, Slack webhook URLs, GitHub OAuth tokens, AWS IAM keys, OpenAI Project API keys, Slack bot tokens, Claude API keys, Google API Keys, and GitLab tokens. Trigger.dev suffered credential theft and unauthorized access to its GitHub organization due to the Shai-Hulud worm. The Python Package Index (PyPI) repository was not impacted by the supply chain incident. The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM registry and publishing stolen data in 30,000 GitHub repositories. Although just about 10,000 of the exposed secrets were verified as valid by the open-source TruffleHog scanning tool, researchers at cloud security platform Wiz say that more than 60% of the leaked NPM tokens were still valid as of December 1st. The Shai-Hulud threat emerged in mid-September, compromising 187 NPM packages with a self-propagating payload that identified account tokens using TruffleHog, injected a malicious script into the packages, and automatically published them on the platform. In the second attack, the malware impacted over 800 packages (counting all infected versions of a package) and included a destructive mechanism that wiped the victim’s home directory if certain conditions were met. The malware used TruffleHog without the 'only-verified' flag, meaning that the 400,000 exposed secrets match a known format and may not be valid or usable anymore. Analysis of 24,000 environment.json files showed that roughly half of them were unique, with 23% corresponding to developer machines, and the rest coming from CI/CD runners and similar infrastructure. Most of the infected machines, 87% of them, are Linux systems, while most infections (76%) were on containers. Regarding the CI/CD platform distribution, GitHub Actions led by far, followed by Jenkins, GitLab CI, and AWS CodeBuild. The top package was @postman/[email protected], followed by @asyncapi/[email protected]. These two packages together accounted for more than 60% of all the infections. Wiz believes that the perpetrators behind Shai-Hulud will continue to refine and evolve their techniques, and predicts that more attack waves will emerge in the near future, potentially leveraging the massive credential trove harvested so far.

Cisco has disclosed and patched a critical vulnerability in the RADIUS subsystem of Secure Firewall Management Center (FMC) Software. The flaw, CVE-2025-20265, allows unauthenticated, remote attackers to execute arbitrary shell commands on affected systems. This vulnerability affects FMC Software versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled for web-based management or SSH. The issue arises from improper handling of user input during the authentication phase, enabling attackers to inject malicious commands. Successful exploitation can lead to high-privilege command execution. There are no workarounds other than applying the provided patches. The flaw was discovered by Brandon Sakai during internal security testing. Cisco has also resolved several high-severity bugs in various products.