Latest Posts

A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in multiple targets. The attacker, an autonomous bot called hackerbot-claw, used 5 different exploitation techniques and successfully exfiltrated a GitHub token with write permissions from one of the most popular repositories on GitHub. This post breaks down each attack, shows the evidence, and explains what you can do to protect your workflows.

StepSecurity AI Package Analyst detected 70+ ghost releases across npm's most trusted TypeScript packages.

Harden Runner now supports Windows and macOS GitHub Actions runners, delivering EDR-level runtime security across Linux, Windows, and macOS CI/CD pipelines

AI coding agents install packages, create pull requests, push commits, and run autonomously in CI/CD pipelines. Here's how to secure every stage of that workflow

StepSecurity' detected that cline@2.3.0 was published with a malicious post-install script that silently installs OpenClaw on any machine running npm install. Here's how the attack worked, how we caught it, and what you should do if you're affected.

How StepSecurity delivers real-world protection across all critical pillars identified in Wiz's SDLC Infrastructure Threat Framework (SITF)

StepSecurity detected early supply chain risk signals in a legitimate kilocode npm release, showing how small behavior changes can quietly weaken trust before attacks happen

Get visibility into GitHub Apps, fine-grained PATs, and classic PATs across all your organizations in one dashboard