CI/CD
-
Google patches critical Gemini CLI flaw that could allow remote code execution
Google fixed a critical Gemini CLI flaw that could let attackers execute commands on host systems in headless CI workflows. The issue affected specific npm and GitHub Actions versions and required explicit folder trust after the update.
-
Actor Using Alias 888 Offers More Than 200 GB of Alleged ESA Data
An actor using alias 888 posted on DarkForums on 18 December 2025 offering more than 200 GB of data alleged to be from the European Space Agency. The report has not been independently verified.
-
Shai‑Hulud campaign trojanises hundreds of npm packages and leaks CI/CD secrets to GitHub
A renewed Shai‑Hulud campaign has published thousands of trojanised npm packages that steal developer and CI/CD secrets and post them to GitHub; researchers at Aikido and Wiz say the operation modified legitimate packages, used compromised maintainer accounts and is leaking secrets in automatically created GitHub repositories.
-
Self-propagating npm supply-chain attack hits at least 187 packages in ‘Shai-Hulud’ worm
Security researchers warn of a self-propagating supply-chain attack on npm that has compromised at least 187 packages in a campaign dubbed ‘Shai-Hulud.’ The worm begins with the widely used @ctrl/tinycolor package and spreads to other maintainers’ packages, using a bundle.js payload that leverages TruffleHog to exfiltrate secrets and forge GitHub Actions workflows.
-
Cursor AI editor vulnerability could enable covert code execution on folder open, researchers warn
A vulnerability in Cursor, the AI-augmented fork of Visual Studio Code, could allow attackers to silently run code on a user’s machine when a repository is opened, researchers warn, due to default Workspace Trust settings and potential autorun configurations.
-
GitLab Issues Security Patches Addressing High-Severity Vulnerabilities
GitLab has released vital security updates addressing multiple high-severity vulnerabilities that allow account takeovers and malicious job injections in its DevSecOps platform. The company urges immediate upgrades to mitigate these risks.
