ctipilot.ch

SentinelOne

campaign · campaign:sentinelone-living-off-the-pipeline-2026 single-source

SentinelOne — Living Off the Pipeline CI/CD subversion taxonomy with three case studies (TeamCity / GitLab service-account / Contagious Interview)

Coverage timeline
10
first 2026-05-04 → last 2026-06-29
Entries
10
8 distinct days
Sources cited
42
17 hosts
Sections touched
7
active-threats, deep-dive, research
Co-occurring entities
8
see Related entities below
2026-05-0410 appearances2026-06-29

Story timeline

  1. 2026-06-29Threat-actor developments: Russia-nexus espionage broadens; new China-nexus and DPRK clusters
    weekly-researchThreat-actor developments: Russia-nexus espionage broadens; new China-nexus and DPRK clusters
  2. 2026-06-26macOS.Gaslight — a DPRK-aligned Rust backdoor that targets the LLM-assisted analyst
    researchmacOS.Gaslight — a DPRK-aligned Rust backdoor that targets the LLM-assisted analyst
  3. 2026-05-28MuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium App-Bound Encryption bypass, Node.js orchestration
    researchMuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium
  4. 2026-05-25Ghost CMS CVE-2026-26980 → ClickFix: the CMS-compromise-to-endpoint kill chain
    deep-diveGhost CMS CVE-2026-26980 → ClickFix: the CMS-compromise-to-endpoint kill chain
  5. 2026-05-25CVE-2026-26980 — Ghost CMS Content API: unauthenticated blind SQL injection in the slug filter, actively exploited
    trending-vulnerabilitiesCVE-2026-26980 — Ghost CMS Content API: unauthenticated blind SQL injection in the slug filter, actively exploited
  6. 2026-05-19Symantec / Carbon Black document Fast16 hook engine targeting LS-DYNA/AUTODYN nuclear-simulation codes; Kim Zetter corrects "pre-Stuxnet" framing to contemporaneous-and-simulation-sabotage
    researchSymantec / Carbon Black document Fast16 hook engine targeting LS-DYNA/AUTODYN nuclear-simulation codes; Kim Zetter corrects "pre-Stuxnet" framing to
  7. 2026-05-19Grafana Labs CoinbaseCartel breach — victim confirms source-code-only theft, no customer data, ransom rejected
    active-threatsGrafana Labs CoinbaseCartel breach — victim confirms source-code-only theft, no customer data, ransom rejected
  8. 2026-05-16SentinelOne: "Living Off the Pipeline" — CI/CD subversion taxonomy with three real intrusion cases (TeamCity, GitLab service-account pivot, Contagious Interview)
    researchSentinelOne: "Living Off the Pipeline" — CI/CD subversion taxonomy with three real intrusion cases (TeamCity, GitLab service-account pivot, Contagious
  9. 2026-05-11SentinelOne — Living Off the Pipeline: CI/CD subversion taxonomy
    weekly-annual-reportsSentinelOne — Living Off the Pipeline: CI/CD subversion taxonomy
  10. 2026-05-04TeamPCP → PCPJack — cloud-worm successor evicting prior operator artefacts
    weekly-long-runningTeamPCP → PCPJack — cloud-worm successor evicting prior operator artefacts

Where this entity is cited

  • research4
  • weekly-long-running1
  • weekly-annual-reports1
  • active-threats1
  • trending-vulnerabilities1
  • deep-dive1
  • weekly-research1

Source distribution

  • attack.mitre.org13 (31%)
  • nvd.nist.gov5 (12%)
  • thehackernews.com5 (12%)
  • sentinelone.com3 (7%)
  • bleepingcomputer.com2 (5%)
  • security.com2 (5%)
  • securityweek.com2 (5%)
  • blog.xlab.qianxin.com1 (2%)
  • other9 (21%)

Related entities

All cited sources (42)

Entries about SentinelOne (10)

2026-06-29 · view entry permalink →

Threat-actor developments: Russia-nexus espionage broadens; new China-nexus and DPRK clusters

high research discovered 2026-06-29 00:21 UTC

The most significant new actor finding the dailies did not carry is Turla's STOCKSTAY — Google GTIG characterised a multi-component .NET/Windows Forms backdoor that communicates C2 over secure WebSocket and shares significant code overlap with Kazuar (Turla's staple implant since 2017). Delivery used malicious RDP files by phishing and, as recently as November 2025, RAR archives exploiting WinRAR's CVE-2025-8088 (a flaw also abused by Sandworm, Gamaredon and RomCom). Current targeting is Ukrainian government and military, but earlier victims had Italian, Dutch, Polish and German foreign-policy interest — a direct read-across for Swiss federal and European governmental entities with Ukraine-adjacent policy work (The Hacker News). This sits alongside the week's other Russia-nexus signal: FBI/CISA escalated their warning that Russian intelligence (tracked as UNC5792) is now phishing Signal Backup Recovery Keys for persistent account takeover, and ESET's Gamaredon retrospective (§ 7) shows the FSB-linked group moving exfil and C2 wholesale onto trusted cloud services.

Two non-Russian clusters round out the picture. Unit 42 documented CL-STA-1062, a Chinese-speaking cluster (overlapping Talos's UAT-7237) deploying the new TinyRCT .NET backdoor via AppDomainManager injection against Southeast-Asian government and state-owned energy targets (Unit 42); Kaspersky GReAT analysed the StrikeShark cluster's SharkLoader deploying Cobalt Strike via "Perfect DLL Hijacking" against government targets (Securelist). And SentinelLABS' macOS.Gaslight, a DPRK-aligned Rust backdoor, notably turns prompt injection on the LLM-assisted analyst rather than the sandbox (SentinelLABS) — an early instance of tradecraft built specifically to poison AI-assisted triage. Attribute the claim to the research outfit, not the state, where the source itself hedges.

nation-state espionage russia-nexus china-nexus north-korea-nexus europe switzerland apac global

2026-06-26 · view entry permalink →

macOS.Gaslight — a DPRK-aligned Rust backdoor that targets the LLM-assisted analyst

high research discovered 2026-06-26 04:54 UTC

SentinelLABS analysed macOS.Gaslight, a single-binary Rust implant it ties with high confidence to DPRK-aligned activity (Apple's XProtect detects it as MACOS_BONZAI_COBUCH, with a sibling sample caught by the AIRPIPE rule SentinelLABS also attributes to North Korea) (SentinelLABS, 2026-06-23). Its novel evasion is aimed at the analyst's tooling rather than a sandbox: the binary carries a 3.5 KB Markdown-fenced blob of 38 fabricated "system" messages whose {{DATA}} tokens mimic an LLM triage harness's own prompt scaffold, designed to push an LLM agent into aborting, truncating, or refusing its analysis (Infosecurity Magazine, 2026-06-24). Beyond that, it is a full stealer — staging a CPython interpreter at runtime to harvest Chrome/Brave/Firefox/Safari credentials, terminal history, system_profiler output, and a wholesale copy of login.keychain-db. C2 runs over the Telegram Bot-API getUpdates polling loop with AES-GCM payloads over certificate-pinned TLS; persistence is a LaunchAgent labelled com.apple.system.services.activity (T1543.001).

Why it matters to us: as LLM-assisted triage moves into SOC and MDR workflows, embedding adversarial prompt payloads in samples to corrupt that pipeline is a technique class to expect generalising — treat "benign" LLM verdicts on submitted macOS binaries as provisional pending human review, and flag any binary carrying large role/content message arrays for secondary analysis. Detection concepts: LaunchAgent plists masquerading under com.apple.system.services.* with non-Apple signers; processes spawning Python from non-standard parents; outbound TLS to api.telegram.org from non-user-initiated processes on managed Macs.

nation-state espionage north-korea-nexus infostealer ai-abuse identity global

2026-05-28 · view entry permalink →

MuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium App-Bound Encryption bypass, Node.js orchestration

notable research discovered 2026-05-28 05:00 UTC

Symantec's Threat Hunter Team and Broadcom's Carbon Black published findings on 2026-05-12 documenting a Q1 2026 MuddyWater (a.k.a. Seedworm, Static Kitten, MERCURY, TEMP.Zagros — attributed to Iran's Ministry of Intelligence and Security) espionage campaign across at least nine organisations on four continents. The story re-surfaced this run via fresh aggregator coverage on 2026-05-26 (The Hacker News) — included in window on that basis. Named victim categories include industrial and electronics manufacturing, education and public-sector bodies, financial services, and an international airport in the Middle East (Symantec / Broadcom Threat Intelligence, 2026-05-12; The Hacker News, 2026-05-26; Industrial Cyber, 2026-05-13).

The differentiating TTPs from prior MuddyWater coverage are twofold. First, DLL side-loading via two pairs of legitimately signed third-party binaries: Fortemedia audio-driver binary fmapp.exe side-loading a malicious fmapp.dll; SentinelOne's sentinelmemoryscanner.exe side-loading a rogue sentinelagentcore.dll — abuse of a signed security-product binary specifically chosen to bypass signature-based detection. Both malicious DLLs embed ChromElevator, an open-source post-exploitation tool that bypasses Chromium App-Bound Encryption to extract passwords, cookies and payment-card data without triggering AV. Second, orchestration moved to Node.js: node.exe appears as a parent-process ancestor of cmd.exe before any operator commands — i.e. a Node.js script (not a human operator) drives the kill chain. PowerShell scripts pulled from a staging server perform discovery (T1087, T1482), screenshot capture, SAM-hive theft via VSS (T1003.002), and SOCKS5 reverse-proxy tunnelling (T1090.003). A credential harvester calls CredUIPromptForWindowsCredentialsW to display a Windows security dialogue and trick targets into entering credentials. A Kerberos TGT extractor via GSS-API was also observed.

Why it matters to us: signed-binary side-loading abusing a security-product binary is the highest-value evasion class — signature-based controls are bypassed by design. Detection: Sysmon EID 7 image-loads from fmapp.exe or sentinelmemoryscanner.exe outside their expected installation directories; alert on node.exe as a parent of cmd.exe or powershell.exe -enc in non-developer environments; flag CredUIPromptForWindowsCredentialsW calls from non-standard parents. Hardening: AppLocker / WDAC enforcing signed-and-known-path DLL loads; restrict node.exe execution to development OUs.

nation-state espionage iran-nexus middle-east apac europe

2026-05-25 · view entry permalink →

Ghost CMS CVE-2026-26980 → ClickFix: the CMS-compromise-to-endpoint kill chain

notable vulnerability discovered 2026-05-25 05:00 UTC deep dive

Background. CVE-2026-26980 was disclosed and patched in Ghost 6.19.1 on 19 February 2026, and SentinelOne reported in-the-wild exploitation and detection guidance by 27 February (BleepingComputer, 2026-05-24). The May activity XLab documented is not a new bug but a large-scale weaponisation of the unpatched long tail of self-hosted instances, repurposing compromised editorial sites as a high-traffic, low-attributable delivery surface for ClickFix social engineering (XLab Qianxin, 2026-05-21). ClickFix / FakeCaptcha — tricking a user into pasting an attacker-supplied command into the Run dialog or a terminal — has been a tracked initial-access technique since 2024; what is notable here is the combination of a CVSS-9.4 pre-auth CMS flaw as the distribution mechanism with a fingerprinting/cloaking stage that keeps the lure invisible to non-targets and to casual review.

Kill chain → MITRE ATT&CK.

  • Initial access — T1190 Exploit Public-Facing Application. Unauthenticated boolean-based blind SQL injection through the Content API's slug filter parameter. No credentials, no user interaction — the request pattern the vendor mitigation keys on is a query string containing slug:[ (slug%3A%5B).
  • Credential access — T1552 Unsecured Credentials. The injection is used to read the admin API key out of Ghost's database. This key is a bearer token with full content-management scope, so its theft is the privilege pivot — there is no separate authentication step after extraction.
  • Content injection / defacement — T1659 Content Injection. With the admin key the attacker injects a lightweight JavaScript loader into published articles and/or theme templates, so the malicious code is served to every visitor from the site's own trusted origin.
  • Execution-guardrails cloaking — T1480 Execution Guardrails. The loader fetches a second-stage cloaking script that fingerprints each visitor and only proceeds for those matching the target profile (e.g. Windows desktop), so most visitors and most analysts never see the lure.
  • User execution — T1204.002 User Execution: Malicious File, chained to T1059.001 PowerShell / T1059.003 Windows Command Shell. Qualifying visitors are shown a fake Cloudflare "verify you are human" prompt in an overlay iframe instructing them to paste a supplied command into the Windows Run dialog (Win+R) or a terminal.
  • Payload delivery — T1105 Ingress Tool Transfer. The pasted command pulls follow-on payloads; XLab observed DLL loaders, JavaScript droppers, and an Electron-based sample named UtilifySetup.exe, leading to info-stealer / RAT capability.

Detection concepts (no IOCs). Two distinct hunt surfaces:

  • Server-side, for Ghost operators. Review web-server / reverse-proxy access logs for Content API requests to /ghost/api/content/ whose filter/slug parameter contains slug:[ (slug%3A%5B) or boolean-blind SQL artefacts (AND, CASE, time-delay primitives) — the vendor mitigation pattern is the highest-fidelity signal. In the Ghost admin audit trail, alert on unexpected article or theme modifications, and on any <script> element appearing in post content or theme files that has no editorial counterpart.
  • Client-side, for everyone (the product-agnostic, higher-value hunt). The ClickFix execution chain is independent of Ghost and is the artefact most defenders can actually catch: Sysmon Event ID 1 / Windows 4688 for cmd.exe or powershell.exe (especially with -EncodedCommand, clipboard-paste context, mshta, curl/certutil download cradles) whose parent process is a browser (chrome.exe, msedge.exe, firefox.exe, brave.exe) or explorer.exe immediately following a Win+R Run-dialog launch. Flag execution of unsigned Electron applications from user-writable paths. Enable PowerShell Script Block Logging (Event ID 4104) to capture the pasted stager body.

Hardening / mitigation.

  • Ghost: upgrade to 6.19.1 or later; until then block slug:[ / slug%3A%5B at the WAF and restrict the public Content API to trusted origins. Assume the admin API key was stolen on any internet-exposed instance — rotate it after patching and audit all posts and theme files for injected scripts.
  • Endpoint (the ClickFix surface, applies broadly): where operationally feasible, disable the Win+R Run dialog for standard users via the NoRun policy (GPO), deploy detection for clipboard-to-shell execution, and run user-awareness that any web page asking you to "paste this command to prove you are human" is an attack. Constrained Language Mode plus full PowerShell logging reduces the blast radius of a successful paste.

“Background.” — ctipilot v2 brief (migrated)

vulnerabilities actively-exploited pre-auth info-disclosure phishing infostealer global europe CVE-2026-26980

2026-05-25 · view entry permalink →

CVE-2026-26980 — Ghost CMS Content API: unauthenticated blind SQL injection in the slug filter, actively exploited

high vulnerability discovered 2026-05-25 05:00 UTC

CVE-2026-26980 is an unauthenticated SQL injection (CWE-89) scored CVSS 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) in Ghost's Content API. The defect sits in the handling of the slug filter parameter, which is interpolated into a raw SQL fragment without parameterisation; a remote attacker with no authentication can perform boolean-based blind extraction of arbitrary database contents — critically the admin API key, which then grants full content-management scope over articles, themes and users (GitHub Security Advisory GHSA-w52v-v783-gw97). Affected versions span Ghost 3.24.0 through 6.19.0 (a roughly three-year release range); the fix shipped in 6.19.1 on 19 February 2026. Ghost(Pro) cloud instances were patched server-side; self-hosted operators must upgrade themselves, which is the exposed long tail the current campaign targets (BleepingComputer, 2026-05-24).

The CVE clears the § 2 bar on exploitation: SentinelOne documented in-the-wild exploitation as early as 27 February, and XLab confirmed the present large-scale wave (700+ compromised domains) on 21 May (XLab Qianxin, 2026-05-21). Mitigation: upgrade to 6.19.1 or later. Interim compensating controls — block Content API requests whose query string contains slug:[ (URL-encoded slug%3A%5B) at the WAF and restrict or disable the public Content API to trusted origins; the vendor mitigation targets exactly that request pattern. Because the admin API key is the exfiltration target, treat it as compromised on any exposed instance and rotate it after patching, then audit posts and themes for injected JavaScript. Full kill chain and detection in § 5.

CVE Summary Table

CVE Product CVSS EPSS KEV Exploited Patch Source
CVE-2026-26980 Ghost CMS (Content API) 9.4 n/a No Yes (ITW, 700+ sites) v6.19.1 GHSA-w52v-v783-gw97

“CVE-2026-26980 is an unauthenticated SQL injection (CWE-89) scored CVSS 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) in Ghost's Content API.” — ctipilot v2 brief (migrated)

vulnerabilities actively-exploited pre-auth info-disclosure patch-available global CVE-2026-26980

2026-05-19 · view entry permalink →

Grafana Labs CoinbaseCartel breach — victim confirms source-code-only theft, no customer data, ransom rejected

notable incident discovered 2026-05-19 05:00 UTC

UPDATE (originally covered 2026-W21): Grafana Labs issued an official 2026-05-18 confirmation of the GitHub Pwn-Request breach previously reported in the 2026-W21 weekly summary (SecurityWeek, 2026-05-18; BleepingComputer, 2026-05-18; The Register, 2026-05-18). The material new disclosures in the 2026-05-18 confirmation: Grafana explicitly states (a) only source code was accessed — "no personal or customer information was stolen"; (b) the incident has not impacted customer systems or operations; (c) the ransom was refused. The technical-mechanism details (pull_request_target workflow misconfiguration, forked-PR injection of a curl command, harvested write-scoped GitHub token, canary-token detection) were previously reported in the 2026-W21 weekly summary citing THN's earlier coverage (The Hacker News, 2026-05-17); they are repeated here as context for defenders who did not catch the weekly. CoinbaseCartel is assessed by THN as an offshoot of the ShinyHunters / Scattered Spider / LAPSUS$ ecosystem and has accumulated ~170 victims since September 2025.

Defender takeaway: Grafana OSS is the de facto monitoring/observability platform in EU/CH public-sector SOC and NOC environments; defenders should monitor non-official Grafana plugin updates and unsigned Grafana agent builds for the next 30 days as a potential supply-chain trojanisation follow-on. The Pwn-Request attack pattern is the same class of CI/CD misconfiguration covered by SentinelOne's Living off the Pipeline taxonomy (referenced 2026-05-16); audit every pull_request_target workflow to ensure no privileged steps run on untrusted-fork code, set permissions: read-all at workflow level and elevate only as needed, and separate privilege-requiring steps into a second workflow_run workflow gated on merged code. MITRE T1195.002 / T1552.004 / T1567.

“no personal or customer information was stolen and the incident has not impacted customer systems or operations” — Grafana via SecurityWeek

“the attackers demanded a ransom to prevent the source code from being leaked, but it has decided not to pay up” — SecurityWeek

data-breach supply-chain organized-crime europe global

2026-05-19 · view entry permalink →

Symantec / Carbon Black document Fast16 hook engine targeting LS-DYNA/AUTODYN nuclear-simulation codes; Kim Zetter corrects "pre-Stuxnet" framing to contemporaneous-and-simulation-sabotage

notable research discovered 2026-05-19 05:00 UTC

Background. Fast16 — a Lua-based sabotage framework — was first disclosed by SentinelOne at LABScon 2026 in April 2026 and originally framed as a Stuxnet predecessor by approximately two years. Earlier reporting also speculated that the malware operated against physical centrifuge equipment. Both framings now appear incorrect on closer expert review.

Broadcom's Symantec and Carbon Black teams published a technical analysis on 2026-05-18 documenting the framework's operating envelope and target selection (Broadcom Security, 2026-05-18; The Hacker News, 2026-05-18). The architecture: a service binary embedding an early Lua 5.0 VM; a boot-start filesystem driver intercepting executable code as it is read from disk; and a rule-driven hook engine rewriting specific instruction sequences inside narrowly targeted simulation applications. The hook engine selectively intercepts execution inside LS-DYNA and AUTODYN — the canonical high-explosive simulation codes used for weapons design — and activates only when the simulated material density exceeds 30 g/cm³, the threshold reachable only under implosion shock-compression conditions relevant to weapons-grade uranium. Kim Zetter's investigative analysis on 2026-05-16 separately corrected the historical framing of the campaign (Kim Zetter / ZERO DAY, 2026-05-16): Fast16 was contemporaneous with Stuxnet, not a predecessor, and was engineered to feed false output to weapons engineers rather than to physically alter nuclear infrastructure. Defender relevance is narrow but specific: Broadcom appears to describe the first publicly-documented use of a filesystem-driver-level instruction-rewriting hook engine to corrupt scientific-simulation output — a sabotage technique class distinct from data exfiltration, ransomware, or DoS. Operators of national-laboratory research-computing environments, defence-related HPC clusters, and reactor-physics-modelling labs should add filesystem-driver-load monitoring (Sysmon EID 6, Windows boot-start driver enumeration) and integrity checking of long-running simulation binaries to their threat models.

“Fast16's hook engine is selectively interested in high-explosive simulations inside LS-DYNA and AUTODYN, and the malware checks for the density of the material being simulated and only acts when that value passes 30 g/cm³, the threshold uranium can only be reached under the shock compression of an implosion device” — Broadcom Security

“Fast16 didn't predate Stuxnet but was contemporaneous with it. It also wasn't aimed at altering nuclear weapons but was simply feeding false data to engineers about the nuclear detonation tests they were conducting, in order to trick them into believing the tests were failing” — Kim Zetter / ZERO DAY

nation-state espionage ot-ics iran-nexus middle-east global

2026-05-16 · view entry permalink →

SentinelOne: "Living Off the Pipeline" — CI/CD subversion taxonomy with three real intrusion cases (TeamCity, GitLab service-account pivot, Contagious Interview)

notable research discovered 2026-05-16 05:00 UTC single-source

SentinelOne published on 2026-05-15 a practitioner-focused taxonomy of CI/CD pipeline subversion techniques, illustrated with three real intrusion case studies that are immediately useful for SOC and DevSecOps teams running JetBrains TeamCity, GitLab, or GitHub Actions (SentinelOne, 2026-05-15). Case 1: an unpatched TeamCity server (CVE-2023-42793) exploited to deploy backdoors via privileged build tasks, remaining undetected for 12+ months. Case 2: a GitLab service-account token compromise enabling creation of malicious Ansible playbooks that were then automatically executed by pipelines — a clean demonstration of how service-account over-privilege translates directly into production code execution. Case 3: the Contagious Interview campaign using fraudulent job offers directing developer victims to fake skill-assessment sites that deploy malware silently to developer workstations. Additional vectors covered include attacker-registered self-hosted runners, workflow triggers from repository discussion comments, dependency poisoning with reconnaissance preinstall scripts, and maintainer-account compromise appending malicious code; the article cross-links a separate SentinelOne analysis of the "Sha1-Hulud" NPM compromise as a related supply-chain case. MITRE ATT&CK: T1195.002, T1547 (rogue runner registration as persistence), T1555 (pipeline secret extraction), T1204 (user execution via fake job-offer social engineering), T1072 (software-deployment-tool abuse via Ansible). Defender monitoring priorities surfaced in the report: GitHub / GitLab audit logs for runner.registered events with unfamiliar names or unexpected source IP ranges; new or modified pipelines authored by service accounts; suspicious child-process spawn from build agents (cmd.exe, powershell.exe, curl, wget outside baseline); credential-access and reverse-tunnel traffic originating from build infrastructure; and secret-injection patterns in workflow-config modifications. Single-source — SentinelOne only.

supply-chain identity vulnerabilities global

2026-05-11 · view entry permalink →

SentinelOne — Living Off the Pipeline: CI/CD subversion taxonomy

notable annual-report discovered 2026-05-11 05:00 UTC single-source

SentinelOne's "Living Off the Pipeline" research (covered daily 2026-05-16, [SINGLE-SOURCE]) presents a three-case taxonomy of CI/CD subversion in real intrusions: TeamCity buildAgent-token theft, GitLab service-account pivot, and Contagious Interview (DPRK-aligned) build-time compromise. The weekly-level synthesis worth surfacing: the three-case study generalises to a defender pattern — CI/CD systems concentrate trust (build secrets, artifact-signing keys, deployment credentials) in machine-identity environments with weaker authentication / authorisation telemetry than human-identity environments. Combined with the Sophos NHI finding (41% of identity breaches root-caused to NHI mismanagement, above), CI/CD platforms are the highest-leverage NHI-governance attack surface for Swiss / EU public-sector DevSecOps programmes. Hunt seeds: TeamCity buildAgent re-auth events, GitLab CI job impersonation patterns, GitHub Actions OIDC-token reuse outside expected workflow scope (daily 2026-05-16).

supply-chain identity global

2026-05-04 · view entry permalink →

TeamPCP → PCPJack — cloud-worm successor evicting prior operator artefacts

notable synthesis discovered 2026-05-04 05:00 UTC

Current state: SentinelLabs documented PCPJack on 2026-05-07 as a worm-class framework that evicts and deletes existing TeamPCP artefacts on compromise (giving the framework its name), then deploys six Python modules harvesting credentials from Docker, Kubernetes, Redis, MongoDB, RayML, and dozens of cloud / SaaS services (AWS, Azure, GCP, GitHub, Slack, HashiCorp Vault, 1Password). Propagation targets are pulled from Common Crawl Parquet files rather than ad-hoc scanning — far broader curated attack surface than typical opportunistic worms. Weaponises five public CVEs simultaneously (CVE-2025-29927 Next.js, CVE-2025-55182 React2Shell, CVE-2026-1357 WPVivid, CVE-2025-9501 W3 Total Cache, CVE-2025-48703 CWP). The TeamPCP → PCPJack succession overlay is the operational specific worth tracking: SentinelLabs explicitly states there is no evidence yet of a direct operator-level connection, while the eviction logic implies operators familiar with TeamPCP's target population. Defenders running self-hosted Next.js, React-server-actions stacks, WordPress with WPVivid Backup or W3 Total Cache, or CentOS Web Panel with internet-reachable FileManager should treat all five CVEs as actively weaponised (SentinelLabs, 2026-05-07 · The Hacker News, 2026-05-07 · SecurityWeek, 2026-05-08 · daily 2026-05-10). The earlier TeamPCP "Mini Shai-Hulud" SAP CAP npm worm (covered 2026-05-06) used Claude Code SessionStart hooks and VSCode tasks for propagation — that thread is separate from PCPJack's CVE-chain propagation but the same operator population is tracked.

organized-crime cloud vulnerabilities actively-exploited supply-chain global