CI/CD and AI supply chain RCEs escalating
Key Questions
What supply chain attacks targeted GitHub recently?
A group called TeamPCP used a malicious VS Code extension to exfiltrate around 3800 internal repositories from GitHub. The attack is linked to Shai-Hulud and similar operations affecting open-source supply chains.
What is the ChromaDB RCE vulnerability and its impact?
ChromaDB has an unpatched remote code execution flaw (ChromaToast) that requires no authentication and affects about 73% of exposed servers. It allows attackers to force the API to load malicious code.
Which other AI and development tools have recent RCE issues?
NVIDIA Triton and AntV (Mini-Shai-Hulud) also face supply-chain and RCE risks. These join the WordPress Avada RCE and the Drupal SQL injection flaw in the current wave of critical vulnerabilities.
How are LLMs being used in exploit generation?
LLMs are now benchmarked for their ability to create working exploits automatically. This raises concerns about faster and more scalable attacks on vulnerable systems.
What immediate actions are recommended for the reported flaws?
Organizations should apply patches urgently and, where no patch is yet available, deploy web application firewalls as an interim control. Monitoring for supply-chain indicators of compromise is also advised.
What is the status of the Drupal SQL injection flaw?
Drupal's CVE-2026-9082 allows unauthenticated attackers to perform SQL injection that affects every visitor to the site. A patch is available and should be applied immediately.
How was the GitHub attack executed via VS Code?
A poisoned extension installed by a developer granted attackers access to internal repositories. GitHub has confirmed the exfiltration of source code and related data.
Are there reports of data from these attacks being sold?
Hackers have listed Mistral AI source code for sale following a related supply-chain compromise. Similar leaks of stolen code and credentials are ongoing.
Summary: GitHub TeamPCP/Shai-Hulud exfiltrated ~3800 repos; AntV Mini-Shai-Hulud; ChromaDB RCE (73% of exposed servers); NVIDIA Triton; WordPress Avada RCE; Drupal SQLi. LLMs now benchmarked for exploit generation. Patch or WAF urgently.