Elementary-data package hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The elementary-data project suffered a malicious release compromise that exposed users of PyPI and GitHub Container Registry to a backdoored package and image. An attacker abused a GitHub Actions script injection flaw to obtain the project’s GITHUB_TOKEN, forge a signed v0.23.3 release, and trigger the legitimate pipeline. The booby-trapped release dropped elementary.pth at startup to steal SSH keys, Git credentials, cloud creds, Kubernetes/Docker/CI secrets, .env files, developer tokens, and crypto wallet files. A clean 0.23.4 release replaced the malicious version, but systems that pulled elementary-data==0.23.3 or the :0.23.3 and :latest images remained compromised.
Related Happenings
Operation Navy Ghost PyPI supply-chain campaign
Campaign
H score26
First: 01.07.2026 00:02
Last: 01.07.2026 00:02
Sources 1
About this happening:
The **Operation Navy Ghost** campaign has targeted **Python developers** building **Telegram bots** through trojanized **Pyrogram forks**, creating a supply-chain path to compromi...
Operation Navy Ghost PyPI supply-chain campaign
CampaignAbout this happening: The **Operation Navy Ghost** campaign has targeted **Python developers** building **Telegram bots** through trojanized **Pyrogram forks**, creating a supply-chain path to compromi...
Codfish/semantic-release-action hit by network compromise
Incident
H score21
First: 26.06.2026 14:05
Last: 26.06.2026 14:05
Sources 1
About this happening:
The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
Codfish/semantic-release-action hit by network compromise
IncidentAbout this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/Service
H score11
First: 23.06.2026 17:22
Last: 23.06.2026 17:22
Sources 1
About this happening:
GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/ServiceAbout this happening: GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
AUR package-hijacking campaign delivering atomic-lockfile
Campaign
H score11
First: 12.06.2026 20:03
Last: 12.06.2026 20:03
Sources 1
About this happening:
**AUR package-hijacking campaign** is abusing **more than 400** compromised **Arch User Repository (AUR)** packages to deliver **atomic-lockfile**, turning the **AUR** build path...
AUR package-hijacking campaign delivering atomic-lockfile
CampaignAbout this happening: **AUR package-hijacking campaign** is abusing **more than 400** compromised **Arch User Repository (AUR)** packages to deliver **atomic-lockfile**, turning the **AUR** build path...
Atomic-lockfile rootkit-infostealer distribution through AUR packages
Malware Activity
H score3
First: 12.06.2026 20:03
Last: 12.06.2026 20:03
Sources 1
About this happening:
**AUR packages** are distributing the **atomic-lockfile** **Linux rootkit and infostealer** through compromised build scripts, with **more than 400 packages** reported and the **o...
Atomic-lockfile rootkit-infostealer distribution through AUR packages
Malware ActivityAbout this happening: **AUR packages** are distributing the **atomic-lockfile** **Linux rootkit and infostealer** through compromised build scripts, with **more than 400 packages** reported and the **o...
Timeline
-
27.04.2026 18:17 2 articles · 2mo ago
Malicious elementary-data 0.23.3 release disclosed
Initial DisclosureA malicious elementary-data 0.23.3 release was disclosed as having abused a GitHub Actions script injection flaw in the project’s release workflow, used the exposed GITHUB_TOKEN to forge a signed v0.23.3 tag, and published backdoored artifacts to PyPI and GitHub Container Registry. The package and Docker image carried elementary.pth to steal SSH keys, Git credentials, cloud creds, Kubernetes/Docker/CI secrets, .env files, developer tokens, and cryptocurrency wallet files, while a clean elementary-data 0.23.4 replacement was pushed and users of the compromised release and images were told to rotate secrets and restore from a known safe point.
Show sources
- PyPI package with 1.1M monthly downloads hacked to push infostealer — www.bleepingcomputer.com — 27.04.2026 18:17
- PyPI package with 1.1M monthly downloads hacked to push infostealer — www.bleepingcomputer.com — 27.04.2026 18:17