Latest Posts

Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised

The Shai-Hulud NPM Worm Returns as "Sha1-Hulud: The Second Coming" - Devastating Supply Chain Attack Compromises Zapier and ENS Ecosystems, Creates 22,000+ Malicious Repositories and counting

9,000 Open-Source Projects Now Secured by Harden-Runner

StepSecurity Harden-Runner now protects 9,000+ open-source projects, delivering real-time CI/CD runtime security and defending pipelines against modern supply chain attacks.

Introducing npm Package Search: Find Where Any Package Was Introduced Across Your GitHub Organizations

Instantly trace any npm package to its origin—across every repository, pull request, and contributor—with StepSecurity’s NPM Package Search.

StepSecurity Is Sponsoring GitHub Universe 2025

We’re thrilled to announce that we are sponsoring GitHub Universe 2025 as a Bronze Sponsor — our very first booth at a major conference!

Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM

StepSecurity has launched Threat Intelligence, a real-time supply chain attack alerting system designed for seamless SIEM and SOC integration. Unlike generic vulnerability feeds, it delivers actionable intelligence within minutes of compromise, cutting MTTD and MTTR from days to minutes. Powered by the same detection systems that uncovered the tj-actions and nx compromises, it provides proven early-warning capabilities.

Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages

The Shai-Hulud worm has infected over 500 NPM packages including @ctrl/tinycolor in an unprecedented self-propagating supply chain attack. The malware harvests AWS/GCP/Azure credentials using TruffleHog, establishes persistence through GitHub Actions backdoors, and automatically spreads to other maintainer packages - marking the first successful worm attack in the NPM ecosystem.

8,000 Strong: Harden-Runner's Growing Impact on CI/CD Security

StepSecurity’s Harden-Runner protects 8,000+ repositories with EDR-style runtime monitoring for CI/CD pipelines, stopping supply chain attacks and securing GitHub Actions.

Securing Google Gemini in GitHub Actions with Harden-Runner

Learn how to secure Google Gemini in GitHub Actions with Harden-Runner, combining observability with runtime monitoring for CI/CD security.
