BleepingComputer reports that nearly 400,000 unique secrets have been leaked following the second wave of Shai-Hulud malware attacks, which compromised more than 30,000 GitHub repositories last week.Four in five of the impacted repositories had an environment.json file with operating system details, npm package metadata, GitHub credentials, and CI/CD metadata, and almost 70% had a contents.json file containing GitHub usernames and tokens, as well as file snapshots, while 50% had a truffleSecrets.json file with TruffleHog scan results, according to a Wiz analysis.Moreover, over 60% of the exposed npm tokens remained valid. Additional findings showed that Linux accounted for most of the compromised machines, while the bulk of the infections were on containers.GitHub Actions was the most targeted CI/CD platform in the Shai-Hulud 2.0 campaign, followed by Jenkins, GitLab CI, and AWS CodeBuild, said researchers, who noted that early discovery and disruption of certain packages could have alleviated the impact of the campaign.
Supply chain, Identity, Threat Intelligence

Widespread secret exposure in Shai-Hulud 2.0 supply chain campaign detailed

(Adobe Stock)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



