Cyber Alert Security News Daily

CI/CD/AI supply chain RCEs escalating

CI/CD/AI supply chain RCEs escalating

Key Questions

What supply chain attacks are targeting CI/CD and AI development tools?

Attacks include the Miasma worm hitting 73 Microsoft GitHub repos, typosquatted npm packages delivering RATs, Atomic Arch compromising Linux AUR packages, and multiple JetBrains IDE plugins stealing AI API keys.

Which WordPress plugins have critical vulnerabilities under active attack?

UpdraftPlus (affecting 3M sites) has an auth bypass with active attacks, and Kirki has a CVSS 9.8 password reset flaw impacting 150k sites, both requiring immediate patching.

What is the risk posed by the LiteLLM vulnerability?

LiteLLM's host header injection flaw allows unauthenticated access to management routes, enabling potential compromise of AI infrastructure until patched to version 1.84.0.

Are there any zero-days in popular development platforms?

Yes, Gogs has a CVSS 9.4 zero-day with over 2,300 instances exposed, and Vitest has a public PoC for CVE-2026-53633 (CVSS 9.8) enabling RCE.

What AI-related security issues are highlighted in recent reports?

Widespread AI credential exposure in production environments, multiple IDE plugins exfiltrating API keys, and Liran Tal's research on AI agents installing malware are key concerns.

Which cloud and DevOps tools have critical CVEs?

Splunk, Red Hat migration-planner, Cloud Foundry UAA (SAML bypass), Hermes, SimpleHelp, and Langflow CVE-2026-5027 all have critical flaws with some actively exploited.

What is the scope of the easy-day-js npm supply chain attack?

A typosquatted dependency delivered a cross-platform RAT to 144 npm packages, specifically targeting blockchain developers in a coordinated campaign.

How are partnerships addressing AI tool governance risks?

Cycode and CrowdStrike have partnered to help organizations govern AI tools in developer environments and mitigate risks from unauthorized agents and credential exposure.

Miasma worm hits 73 Microsoft GitHub repos; targeting npm. Gogs zero-day (CVSS 9.4) – 2,300+ exposed. UpdraftPlus WordPress plugin auth bypass (3M sites) – active attacks, patch 1.26.5. Langflow CVE-2026-5027 RCE actively exploited. PhpSpreadsheet RCE patch bypass. Jenkins deserialization (CVE-2026-53435) actively exploited. Atomic Arch Campaign hijacks 20+ Linux AUR packages; 400+ infected packages. Chinese state actors backdoor Linux core utilities (REF6138). Kirki WordPress plugin password reset exploit (CVSS 9.8) – 150k sites. Critical cloud tool CVEs: Splunk, Red Hat migration-planner (token exposure, control-plane risk), Hermes, SimpleHelp OIDC bypass. LangGraph flaw chain. npm supply chain campaign targeting blockchain developers. Vitest RCE CVE-2026-53633 (CVSS 9.8) with public PoC. Google Vertex AI SDK bucket squatting flaw. Cloud Foundry UAA SAML auth bypass. LiteLLM host header injection bypasses authentication (patch 1.84.0) – new advisory confirms unauthenticated access to management routes. Multiple JetBrains IDE plugins stealing AI API keys. Liran Tal talk on AI agents installing malware. easy-day-js typosquatted dependency delivered cross-platform RAT to 144 npm packages. Cycode + CrowdStrike partnership on AI tool governance. Orca Security report reveals widespread AI credential exposure in production environments. Patch/WAF urgent.

Sources (11)
Updated Jun 24, 2026