25 matches found
Malicious code in generator-go-circleci (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff938c3edbce8d3776448005a489240ddb234790867c0c0d34109efb170e9fec The package generator-go-circleci was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3346 Malicious code in generator-go-circleci (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff938c3edbce8d3776448005a489240ddb234790867c0c0d34109efb170e9fec The package generator-go-circleci was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview generator-go-circleci is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
@circleci/agents (=2.13.2-canary.8150572), claude-code-webui (>=0.1.51 <=0.1.56) potentially affected by CVE-2026-24052 via @anthropic-ai/claude-code (=1.0.108)
@anthropic-ai/claude-code NPM version =1.0.108 is affected by a known vulnerability. The following packages have a transitive dependency on @anthropic-ai/claude-code and may be impacted: - @circleci/agents =2.13.2-canary.8150572 - claude-code-webui =0.1.51, =0.1.56 Source cves: CVE-2026-24052...
@circleci/agents (>=2.4.0-canary.0ba816b <=2.17.2-canary.ea22b4e), @lfades/next-code (>=0.0.1 <=0.0.2) +2 more potentially affected by CVE-2026-22812 via opencode-ai (>=0.14.7 <=1.0.123)
opencode-ai NPM version =0.14.7, =2.4.0-canary.0ba816b, =0.0.1, =0.1.0, =0.1.9, =0.5.7 Source cves: CVE-2026-22812 Source advisory: OSV:GHSA-VXW4-WV6M-9HHH...
EUVD-2025-199424
Malicious code in @voiceflow/circleci-config-sdk-orb-import npm...
Malicious Package
Overview circleci-docs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48486 Malicious code in circleci-docs (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d54b71e0248eb8babb0f78827eff5338450108a9cb2814de5573278a5eac86c Any computer that has this package installed or running should be considered...
Malicious code in circleci-docs (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d54b71e0248eb8babb0f78827eff5338450108a9cb2814de5573278a5eac86c Any computer that has this package installed or running should be considered...
SaaS Breaches Start with Tokens - What Security Teams Must Watch
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However,...
@circleci/agents (=2.13.2-canary.8150572), claude-code-webui (>=0.1.51 <=0.1.56) potentially affected by CVE-2025-59536 via @anthropic-ai/claude-code (=1.0.108)
@anthropic-ai/claude-code NPM version =1.0.108 is affected by a known vulnerability. The following packages have a transitive dependency on @anthropic-ai/claude-code and may be impacted: - @circleci/agents =2.13.2-canary.8150572 - claude-code-webui =0.1.51, =0.1.56 Source cves: CVE-2025-59536...
MAL-2025-17052 Malicious code in circleci-test (npm)
The package circleci-test was found to contain malicious code...
Malicious code in circleci-test (npm)
The package circleci-test was found to contain malicious code...
AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some...
Reflecting on supply chain attacks halfway through 2023
Welcome to this week's edition of the Threat Source newsletter. Between the Talos Takes episode last week and helping my colleague Hazel with the Half-Year in Review, I realized how much I had already forgotten about 2023 already. It's been a whirlwind, personally and professionally, and I think it...
Uncovering (and Understanding) the Hidden Risks of SaaS Apps
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of...
CircleCI: Malware stole GitHub OAuth keys, bypassing 2FA
Software development service company CircleCI has published its incident report on a breach that happened in December. CircleCI revealed an engineer's laptop was successfully infected with a yet-to-be-named information-stealing Trojan, which was used to steal an engineer's session cookie. The...
Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated...
Threat Source newsletter (Jan. 12, 2023): Did ChatGPT write our newsletter?
Welcome to this week's edition of the Threat Source newsletter. We tried to get ChatGPT to write this week's newsletter but it was at capacity, so you'll have to stick with us for another week. Or maybe that's just what the robots want you to think, you be the judge. The one big thing This week Talos...
Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16,...