Latest Posts

StepSecurity Is Sponsoring GitHub Universe 2025

We’re thrilled to announce that we are sponsoring GitHub Universe 2025 as a Bronze Sponsor — our very first booth at a major conference!

Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM

StepSecurity has launched Threat Intelligence, a real-time supply chain attack alerting system designed for seamless SIEM and SOC integration. Unlike generic vulnerability feeds, it delivers actionable intelligence within minutes of compromise, cutting MTTD and MTTR from days to minutes. Powered by the same detection systems that uncovered the tj-actions and nx compromises, it provides proven early-warning capabilities.

Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages

The Shai-Hulud worm has infected over 500 NPM packages, including @ctrl/tinycolor, in an unprecedented self-propagating supply chain attack. The malware harvests AWS/GCP/Azure credentials using TruffleHog, establishes persistence through GitHub Actions backdoors, and automatically spreads to other packages owned by the same maintainer, marking the first successful worm attack in the NPM ecosystem.

8,000 Strong: Harden-Runner's Growing Impact on CI/CD Security

StepSecurity’s Harden-Runner protects 8,000+ repositories with EDR-style runtime monitoring for CI/CD pipelines, stopping supply chain attacks and securing GitHub Actions.

Securing Google Gemini in GitHub Actions with Harden-Runner

Learn how to secure Google Gemini in GitHub Actions with Harden-Runner, combining observability with runtime monitoring for CI/CD security.

20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...)

A massive NPM supply chain attack targets cryptocurrency users through a compromised maintainer account, affecting packages downloaded billions of times weekly, including debug, chalk, ansi-styles, color-convert, strip-ansi, and 15+ other critical JavaScript packages. Malicious code was injected to steal cryptocurrency wallets and redirect blockchain transactions.

GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows

GitGuardian researchers discovered a massive supply chain attack affecting 817 repositories across 327 GitHub users. Malicious workflows exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens, through compromised developer accounts.

Introducing the NPM Package Cooldown Check

We’re excited to announce the release of our NPM Package Cooldown Check, which helps teams block newly released, potentially compromised dependencies while still allowing emergency fixes and integrating seamlessly into GitHub workflows.
