{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/actions/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@beproduct/nestjs-auth (\u003e= 0.1.2, \u003c= 0.1.19)","github.com","actions","Vault"],"_cs_severities":["critical"],"_cs_tags":["supply-chain","npm","credential-theft","exfiltration","worm"],"_cs_type":"advisory","_cs_vendors":["npmjs","GitHub","AWS","HashiCorp","BeProduct"],"content_html":"\u003cp\u003eBetween 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of \u003ccode\u003e@beproduct/nestjs-auth\u003c/code\u003e (0.1.2 through 0.1.19). The packages contained payloads from the \u003cstrong\u003eMini Shai-Hulud\u003c/strong\u003e npm supply-chain worm campaign. This campaign is also described by Aikido Security, indicating a resurgence of known tactics. npm Security removed the malicious versions from the registry shortly after publication, but any developer who ran \u003ccode\u003enpm install @beproduct/nestjs-auth\u003c/code\u003e resolving to a version in the affected range during that window executed the malicious postinstall script, potentially compromising their environment. Version \u003ccode\u003e0.1.20\u003c/code\u003e is a clean republish. This incident underscores the risks of supply chain attacks targeting developer tooling and the importance of securing npm publish tokens. 
CVE-2026-46412 is assigned to this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker compromises an npm publish token.\u003c/li\u003e\n\u003cli\u003eAttacker publishes malicious versions (0.1.2 through 0.1.19) of the \u003ccode\u003e@beproduct/nestjs-auth\u003c/code\u003e package to the npm registry.\u003c/li\u003e\n\u003cli\u003eA developer unknowingly installs a malicious version of the package via \u003ccode\u003enpm install @beproduct/nestjs-auth\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious package\u0026rsquo;s postinstall script executes.\u003c/li\u003e\n\u003cli\u003eThe postinstall script attempts to harvest npm tokens (~/.npmrc), GitHub PATs/OAuth tokens, AWS credentials (env vars, ~/.aws/credentials), HashiCorp Vault tokens, and other secrets from environment variables.\u003c/li\u003e\n\u003cli\u003eThe harvested secrets are exfiltrated to \u003ccode\u003ehttps://filev2.getsession.org\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe script writes persistence artifacts (\u003ccode\u003etanstack_runner.js\u003c/code\u003e, \u003ccode\u003erouter_init.js\u003c/code\u003e, \u003ccode\u003esetup.mjs\u003c/code\u003e) and IDE hook configurations (\u003ccode\u003e.claude/\u003c/code\u003e, \u003ccode\u003e.vscode/\u003c/code\u003e) into the developer\u0026rsquo;s working tree.\u003c/li\u003e\n\u003cli\u003eThe worm attempts to commit \u003ccode\u003esetup.mjs\u003c/code\u003e and the hook configurations to PR branches.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis supply chain attack compromised developer environments by injecting malicious code via a popular npm package. Successful exploitation allowed the attacker to steal sensitive credentials, including npm tokens, GitHub PATs/OAuth tokens, AWS credentials, and HashiCorp Vault tokens. 
The exfiltration of these secrets could lead to further compromise of the victim\u0026rsquo;s infrastructure, including source code repositories, cloud environments, and CI/CD pipelines. The persistence mechanisms are designed to keep the attacker\u0026rsquo;s access in place even after the initial infection vector is removed. There is no reliable data about the precise number of victims, but any developer who installed the package within the 2-hour-37-minute window is potentially compromised.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the \u0026ldquo;Detect Suspicious NPM Package Postinstall Script\u0026rdquo; Sigma rule to detect execution of malicious postinstall scripts based on process names, file paths, and network connections.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026ldquo;Detect Mini Shai-Hulud Exfiltration\u0026rdquo; Sigma rule to detect connections to the exfiltration domain \u003ccode\u003efilev2.getsession.org\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBlock the exfiltration domain \u003ccode\u003efilev2.getsession.org\u003c/code\u003e at the network perimeter, using the IOC table as the source of indicators.\u003c/li\u003e\n\u003cli\u003eMonitor for connections to cloud metadata endpoints (\u003ccode\u003e169.254.169.254\u003c/code\u003e) and Vault probes (\u003ccode\u003evault.svc.cluster.local:8200\u003c/code\u003e) originating from developer workstations; such connections are unusual from workstations and may indicate a compromised environment. The IOC table lists these indicators.\u003c/li\u003e\n\u003cli\u003eScan systems for the presence of persistence artifacts such as \u003ccode\u003etanstack_runner.js\u003c/code\u003e, \u003ccode\u003erouter_init.js\u003c/code\u003e, and suspicious IDE configuration files in \u003ccode\u003e.claude/\u003c/code\u003e and \u003ccode\u003e.vscode/\u003c/code\u003e directories, as listed in the IOC table.\u003c/li\u003e\n\u003cli\u003eImmediately rotate all potentially exposed credentials if any version in the range 
\u003ccode\u003e\u0026gt;=0.1.2 \u0026lt;=0.1.19\u003c/code\u003e of \u003ccode\u003e@beproduct/nestjs-auth\u003c/code\u003e was installed in your environment, as described in the mitigation steps.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T20:29:06Z","date_published":"2026-05-19T20:29:06Z","id":"https://feed.craftedsignal.io/briefs/2026-05-mini-shai-hulud/","summary":"Between May 11th and May 12th of 2026, a threat actor compromised an npm publish token to publish 18 malicious versions of the '@beproduct/nestjs-auth' package (versions 0.1.2 through 0.1.19) containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign that exfiltrated npm tokens, GitHub PATs/OAuth tokens, AWS credentials, and Vault tokens, impacting developer environments.","title":"Malicious @beproduct/nestjs-auth Package Contains Mini Shai-Hulud Worm (CVE-2026-46412)","url":"https://feed.craftedsignal.io/briefs/2026-05-mini-shai-hulud/"}],"language":"en","title":"CraftedSignal Threat Feed — Actions","version":"https://jsonfeed.org/version/1.1"}