DevTech Deep Dive

Glassworm & CrowdStrike Trivy/LiteLLM Supply Chain Compromises


Key Questions

What is the Miasma worm and how does it achieve persistence?

The Miasma worm maintains a GitHub token that survives full rebuilds through backdated stealth commits. A detection script is available to confirm instances of the TanStack compromise wave.

How does Cosign help mitigate supply chain risks for container images?

Cosign enables signing of container images to verify integrity before use by customers. It integrates with post-build workflows including SBOM generation, SLSA attestations, and tools like Trivy for enhanced supply chain security.

What new workflows support Docker SBOM attachment and code signing?

New integrations include JS Syft workflows for SBOM creation, Lambda signing capabilities, and a Cosign signing tutorial. These build on existing measures like AWS CodePipeline and Sigstore for comprehensive mitigation.
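The Cosign/SBOM/Trivy post-build flow described in the two answers above, as an added example that is not from this digest or from any of the projects it cites. It assumes cosign, syft and trivy are on PATH, that the CI job can obtain an OIDC identity for keyless signing, and that the build step already produced a digest-pinned image reference. IMAGE, CI_IDENTITY, OIDC_ISSUER and RUN_PIPELINE are placeholder variables, and require_digest_ref, sign_and_attest and verify_before_deploy are names chosen for this example. It goes slightly beyond the text by refusing unpinned tags and by pinning the expected signer identity at verification time, which is what makes "verify before use" meaningful.

```shell
#!/bin/sh
# Added example: post-build gate that signs an image, attaches a Syft SBOM as a
# Cosign attestation, scans it with Trivy, and verifies signature + attestation
# before deploy. Tool names and flags are the real cosign/syft/trivy ones;
# IMAGE, CI_IDENTITY and OIDC_ISSUER are placeholders for your environment.
set -eu

# Reject any reference that is not pinned to a sha256 digest. A mutable tag
# can be re-pointed after signing; a digest identifies exact content.
require_digest_ref() {
  case "$1" in
    *@sha256:*)
      digest="${1#*@sha256:}"
      [ "${#digest}" -eq 64 ] || return 1
      case "$digest" in
        *[!0-9a-f]*) return 1 ;;
      esac
      return 0 ;;
    *) return 1 ;;
  esac
}

sign_and_attest() {
  ref="$1"
  require_digest_ref "$ref" || { echo "refusing unpinned ref: $ref" >&2; return 1; }
  # Keyless signing: cosign obtains a short-lived certificate for the CI job's
  # OIDC identity and records the signature in the transparency log.
  cosign sign --yes "$ref"
  # SBOM from Syft, attached as an in-toto attestation bound to the digest and
  # signed like the image, rather than shipped as a loose file.
  syft "$ref" -o spdx-json > sbom.spdx.json
  cosign attest --yes --type spdxjson --predicate sbom.spdx.json "$ref"
}

verify_before_deploy() {
  ref="$1"
  require_digest_ref "$ref" || return 1
  # Pin the expected signer identity and issuer. Checking only that "some
  # valid Sigstore signature exists" would accept any signer's image.
  cosign verify \
    --certificate-identity "$CI_IDENTITY" \
    --certificate-oidc-issuer "$OIDC_ISSUER" "$ref" > /dev/null
  cosign verify-attestation --type spdxjson \
    --certificate-identity "$CI_IDENTITY" \
    --certificate-oidc-issuer "$OIDC_ISSUER" "$ref" > /dev/null
  # --exit-code 1 makes Trivy's HIGH/CRITICAL verdict the gate's verdict.
  trivy image --exit-code 1 --severity HIGH,CRITICAL "$ref"
}

# The pipeline only runs when explicitly requested, e.g.
#   RUN_PIPELINE=1 IMAGE=registry.example/app@sha256:<digest> \
#   CI_IDENTITY=<workflow identity> OIDC_ISSUER=<issuer URL> sh gate.sh
if [ "${RUN_PIPELINE:-0}" = "1" ]; then
  sign_and_attest "$IMAGE"
  verify_before_deploy "$IMAGE"
fi
```

The digest check runs offline and is the part worth unit-testing; the signing and verification steps need a registry and the Sigstore services, so they stay behind RUN_PIPELINE.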

Glassworm infects VS Code and npm via Unicode/Zig/Solana C2 (73 extensions, 320 artifacts); TanStack/node-ipc and Mini Shai-Hulud (317 packages via OIDC/Sigstore); three CVEs; SAP/Checkmarx/Bitwarden; code signing abuses; AWS CodePipeline/Signer; post-build Cosign/SLSA/SBOM/Trivy/Grype/VEX; Debian reproducible builds; Harness/Red Hat.

New: Miasma worm token persistence after a full rebuild, backdated stealth commits, and a detection script (confirms the TanStack wave).

New: Docker SBOM attachment, JS Syft workflows, Lambda signing, and a Cosign signing tutorial, integrated for mitigation.

Sources (2)
Updated Jun 8, 2026