Clankerusecase
Source control detection coverage

🐙 Source control detections

Clankerusecase tracks 276 detection use cases covering the Source control attack surface across 122 MITRE ATT&CK techniques.

Detections targeting GitHub / GitLab / Bitbucket — repo transfers, PAT abuse, branch protections.

276 use cases · 122 techniques · 60 articles · 6 kill-chain phases

Top techniques on Source control (25)

Reconnaissance (4)

- [LLM] Web-facing exposure of dev.env / .env config file (returns 200) · Bespoke recon · alerting · DSΣPDDCSCW
- [LLM] github.com/dhax/go-base supply-chain footprint in go.mod / build artifacts · Bespoke recon · hunting · DSΣPDDCSCW
- [LLM] Internal host clones / curls github.com/dhax/go-base or raw dev.env · Bespoke recon · hunting · DSΣPDDCS
- [LLM] DbGate anonymous auth-bypass token mint — POST /auth/login with amoid:none · Bespoke recon · hunting · SΣPDD

Delivery (39)

- GitHub PAT used from impossible-travel locations · Internal delivery · alerting · DD
- GitLab brute-force attack · Internal delivery · alerting · DD
- GitLab password reset from suspicious IP · Internal delivery · alerting · DD
- [LLM] HTTP multipart upload: image Content-Type with PHP/executable filename extension (CVE-2026-48062 exploit shape) · Bespoke delivery · alerting · SΣPDD
- [LLM] Unauthenticated POST to /mcp endpoint on TCP 8080 (CVE-2026-48039) · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Unauthenticated WebSocket / HTTP 101 upgrade to phoenix_storybook playground routes · Bespoke delivery · hunting · DSΣPDDCS
- [LLM] Suspicious commit pattern: '[skip ci]' with backdated timestamp adding only IDE config files · Bespoke delivery · hunting · DSPDD
- [LLM] Phar archive or PHPSpreadsheet RCE marker written by web-server process · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] DbGate exploit web request — POST /runners/start or /runners/load-reader with child_process injection · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Bun runtime download to /tmp from a node process during npm install · Bespoke delivery · alerting · DSPDDCS
- [LLM] GitHub bulk git tag force-push by single actor across multiple org repos · Bespoke delivery · hunting · PDD
- [LLM] Nx Console v18.95.0 Malicious Payload Bootstrap via Orphan Commit (npx github:nrwl/nx#558b09d7) · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Inbound TCP connection to Vitest UI port 51204 from non-loopback source · Bespoke delivery · hunting · DSΣPDDCSCW
- [LLM] Unauthenticated JSON-RPC POST to PraisonAI /a2a endpoint (CVE-2026-47391 exploit) · Bespoke delivery · hunting · DSΣPDDCS
- [LLM] Bun runtime download from github.com/oven-sh during npm install (Gen-2 loader) · Bespoke delivery · hunting · DSΣPDDCS
- [LLM] Yamcs MDB algorithm override PATCH with Java Runtime payload · Bespoke delivery · hunting · SΣPDD
- [LLM] Compromised laravel-lang Composer package: helpers.php in vendor tree · Bespoke delivery · hunting · DSΣPDDCS
- [LLM] Nx Console v18.95.0 compromised extension installed (May 2026 supply-chain attack) · Bespoke delivery · hunting · DSΣPDDCS
- [LLM] Installation of malicious guardrails-ai==0.10.1 PyPI package (CVE-2026-45758) · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] npm install of compromised @opensearch-project/opensearch versions 3.5.3/3.6.2/3.7.0/3.8.0 · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] GitHub workflow references actions-cool/issues-helper or maintain-one-comment by tag · Bespoke delivery · alerting · SPDD
- [LLM] mistralai 2.4.6 dropper: curl downloading transformers.pyz from 83.142.209.194 · Bespoke delivery · hunting · DSΣPDDCS
- [LLM] Bun runtime fetched from github.com/oven-sh/bun during npm install (Bitwarden CLI hijack) · Bespoke delivery · alerting · DSPDDCS
- [LLM] Qinglong cryptominer payload download from file.551911.xyz · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Mailcow quarantine XSS via EICAR + HTML in attachment filename (GHSA-2xjc-rg88-jvpp) · Bespoke delivery · alerting · DSΣPDD
- [LLM] IoliteLabs VSCode extension dropper: VS Code child process reaching rraghh.com / oortt.com C2 · Bespoke delivery · alerting · DSΣPDD
- [LLM] pip install of malicious telnyx versions 4.87.1 / 4.87.2 · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Installation of unauthorized cline@2.3.0 npm package on developer endpoints · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Inventory: @kilocode/cli v1.0.0-v1.0.3 affected-release install on dev workstations · Bespoke delivery · hunting · DSΣPDDCS
- [LLM] Scavenger loader/install.js dropped into node_modules (known SHA256 or filename match) · Bespoke delivery · hunting · DSΣPDD
- [LLM] tj-actions/changed-files compromise: self-hosted runner egress to nikitastupin memdump gist (CVE-2025-30066) · Bespoke delivery · hunting · DSΣPDD
- [LLM] Download of openclawcore-1.0.3.zip from denboss99 GitHub release (Windows OpenClaw skill payload) · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Compromised Nx npm package version install on developer or CI host · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] LittleDaemon / DaemonicLogistics update-hijack URL pattern (popup_4.2.0.2246.dll, /update/updateInfo.bzp, /update/file6.bdat, /update/file2. · Bespoke delivery · alerting · DSΣP
- [LLM] Internal workflows pulling aws-actions/configure-aws-credentials@v4.3.0 during the buggy-release window · Bespoke delivery · hunting · SPDD
- [LLM] Compromised tj-actions/changed-files commit SHA referenced on host (CVE-2025-30066 IOC hunt) · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] PyPI install footprint of num2words v0.5.15/0.5.16 (Scavenger supply-chain compromise) · Bespoke delivery · alerting · DSΣPDD
- [LLM] Go typosquat module reference: github.com/boltdb-go/bolt in process or build telemetry · Bespoke delivery · alerting · DSΣPDDCS
- [LLM] Vulnerable Moq 4.20.0 or Devlooped.SponsorLink NuGet package landed on endpoint · Bespoke delivery · alerting · DSΣPDDCS

Exploitation (87)

- [WEEKLY] Low-Code / AI Workflow Runtime Sandbox-Escape — Server Process Spawns Shell + Public Egress · Internal exploit · alerting · DSΣPDD
- [WEEKLY] Public-Facing App Runtime Spawns Shell, LOLBin, or Container-Control Tool · Internal exploit · alerting · DSΣPDD
- [WEEKLY] Server / AI-agent process spawns shell or LOLBIN with public egress — post-RCE behavioural chain · Internal exploit · alerting · DSΣPDD
- [WEEKLY] Service-process parent spawns subprocess containing CLI-argument-injection tokens · Internal exploit · alerting · DSΣPDD
- [LLM] Budibase CVE-2026-48150: POST /api/public/v1/roles/assign with global builder/admin grant in body · Bespoke exploit · alerting · SΣPDD
- [LLM] Webserver / PHP interpreter spawns shell or LOLBin — post-upload RCE indicator · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] CVE-2026-48039 PoC artifact execution (meta-ads-mcp-vuln001 image, FAKE_TOKEN_FOR_POC_DEMO env) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Pheditor CVE-2026-48030 — shell metacharacters in 'dir' POST parameter to pheditor.php · Bespoke exploit · alerting · SΣPDD
- [LLM] HEEx / Elixir Kernel injection markers in BEAM-spawned process command line (CVE-2026-8467) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] nebula-mesh CVE-2026-47724 — cross-operator admin API key mint via POST /api/v1/operators/{id}/api-keys · Bespoke exploit · alerting · SΣPDD
- [LLM] osascript invoked with AppleScript breakout pattern (mismatched tell blocks + do shell script) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] PHPSpreadsheet phar:/// three-slash wrapper in HTTP request (CVE-2026-45034) · Bespoke exploit · alerting · SΣPDD
- [LLM] Web-server process (php-fpm / apache / nginx / w3wp) spawning shell or network tooling · Bespoke exploit · hunting · DSΣPDDCS
- [LLM] HTTP access to Shopper admin team-settings / Livewire endpoints (CVE-2026-47744) · Bespoke exploit · hunting · DSΣPDDCW
- [LLM] Unauthenticated POST to AIT-BSC /<name>/start with path-traversal form fields (CVE-2026-47731) · Bespoke exploit · alerting · DSΣPDD
- [LLM] DbGate loadReader functionName code injection (CVE-2026-47670) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] DbGate exploit chain: anonymous /auth/login + /api/archive/unzip POSTs from same source (CVE-2026-47669) · Bespoke exploit · alerting · SΣPDD
- [LLM] DbGate CVE-2026-47668 — Node.js runner spawning shell/LOLBin children for egress · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Stata binary spawning OS shell (CVE-2026-47708 stata-mcp log_file_name injection) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Stata-authored log file written with shell metacharacters or path traversal in filename (CVE-2026-47708) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] AVideo YPTSocket plugin XSS injection via webSocketSelfURI/page_title query strings · Bespoke exploit · alerting · DSΣPDD
- [LLM] Jinja2 SSTI payload to Jupyter Enterprise Gateway /api/kernels (CVE-2026-44181) · Bespoke exploit · alerting · SΣPDD
- [LLM] Jupyter Enterprise Gateway /api/kernels POST with KERNEL_UID/GID body (CVE-2026-44180) · Bespoke exploit · hunting · SΣPDD
- [LLM] praisonai-platform: POST /workspaces/*/members with role=owner (CVE-2026-47413) · Bespoke exploit · hunting · DSΣPDD
- [LLM] Path-traversal exploit hitting Vitest /__vitest_attachment__ endpoint (CVE-2026-47429 PoC) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Post-exploit shell spawned by Vitest node.exe via rerun / saveTestFile (CVE-2026-47429) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] praisonai-platform CVE-2026-47416: PATCH /workspaces/{id}/members/{user_id} role-change request · Bespoke exploit · hunting · SΣPDD
- [LLM] Suspicious child process spawned by PraisonAI uvicorn/python A2A server (eval() RCE evidence) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Literal PraisonAI sandbox-escape signature: `print.__self__` + builtins dict access · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Unauthenticated POST to PraisonAI `/chat` or `/agents` endpoint (incl. CVE-Detector scanner) · Bespoke exploit · alerting · DSΣPDDCW
- [LLM] Node.js process spawning native shell / interpreter — post-vm2-escape host execution · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] vm2 NodeVM denylist bypass PoC strings — getBuiltinModule + inspector/promises · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Node.js process spawns shell or LOLBin — vm2 sandbox escape post-exploitation (CVE-2026-47210) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Node.js process spawning OS shell with enumeration commands — vm2 sandbox escape (CVE-2026-47137) · Bespoke exploit · hunting · DSΣPDDCS
- [LLM] node.exe spawning child_process targets — vm2 Promise species sandbox escape post-exploitation · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] vm2 sandbox-escape PoC strings observed in inbound HTTP request body / WAF · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Yamcs MDB algorithm PATCH with embedded Jython java.lang.Runtime payload (CVE-2026-46621) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Yamcs MdbOverrideApi algorithm PATCH carrying Nashorn Java.type RCE payload · Bespoke exploit · alerting · DSΣPDD
- [LLM] LiquidJS SSTI gadget tokens in inbound HTTP (CVE-2026-45618) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Node.js web process spawning shell (LiquidJS RCE post-exploit) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Yamcs JVM spawning OS shell/interpreter (Janino RCE via CVE-2026-44632) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] XWiki unauthenticated XAR import via REST POST /rest/wikis/{wikiName} (CVE-2026-33137) · Bespoke exploit · alerting · SΣP
- [LLM] Nezha CVE-2026-46716 exploit: POST /api/v1/cron with empty servers + CronCoverAll · Bespoke exploit · alerting · SΣPDD
- [LLM] Non-browser User-Agent against YesWiki Bazar form-import endpoint — CVE-2026-46670 exploit tooling · Bespoke exploit · alerting · SΣP
- [LLM] OCI image extraction creates symlink with absolute path target (CWE-61 primitive) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] CVE-2026-46614: Unauthorized /fission-function/ invocation on Fission router public listener (port 8888) · Bespoke exploit · alerting · SΣPDD
- [LLM] 9router unauthenticated RCE — POST /api/cli-tools/cowork-settings with customPlugins.command · Bespoke exploit · alerting · SΣPDD
- [LLM] 9router CVE-2026-46339 — GET /api/mcp/{plugin}/sse triggers stored command spawn() · Bespoke exploit · alerting · SΣPDD
- [LLM] Kopia process spawns ssh with -oProxyCommand= argument (CVE-2026-45695) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] GlassFish java process spawning command shell (CVE-2026-2587 RCE) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Inbound HTTP request to GlassFish gadget.jsf handler (CVE-2026-2587 exploit attempt) · Bespoke exploit · alerting · SΣPDDCW
- [LLM] Inbound HTTP request with Camel-internal header or query param to CXF/Knative endpoint (CVE-2026-47323) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] zrok ProxyShare SSRF — request path begins with absolute URL (CVE-2026-45568) · Bespoke exploit · hunting · DSΣPDDCS
- [LLM] HAXcms CVE-2026-46395: unauthenticated GET to /system/api/connectionSettings · Bespoke exploit · alerting · SΣPDDCS
- [LLM] Algernon web server spawning shell child process (CVE-2026-45721 handler.lua RCE) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] MLflow server process spawning Claude Code CLI or shell — CVE-2026-2611 RCE chain · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Web-server process (w3wp/php/nginx) spawns shell or LOLBin (post-SSTI RCE chain) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Node.js process spawning shell or system utility — likely vm2 sandbox escape · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] utcp-cli command injection via UTCP_ARG substitution in python→bash -c CMD_N_OUTPUT script · Bespoke exploit · alerting · DSΣPDD
- [LLM] Marten CVE-2026-45288 regConfig SQL injection attempt in web traffic · Bespoke exploit · alerting · SΣPDD
- [LLM] Marten CVE-2026-45288 injection observed executing in PostgreSQL audit log · Bespoke exploit · alerting · SΣPDD
- [LLM] MCPHub SSE endpoint accessed with arbitrary username in URL path (CVE-2025/GHSA-wf8q-wvv8-p8jf hunt) · Bespoke exploit · hunting · SΣPDD
- [LLM] MCPHub identity spoofing — admin-themed username in /<user>/sse path · Bespoke exploit · alerting · SΣPDD
- [LLM] DeepSeek-TUI sub-agent shell execution via AGENTS.md prompt injection (CVE-2026-45374) · Bespoke exploit · alerting · DSΣPDD
- [LLM] DeepSeek-TUI spawning 'cargo test' — CVE-2026-45311 auto-approved run_tests pathway · Bespoke exploit · hunting · DSΣPDD
- [LLM] Rust cargo-test binary in target/debug/deps spawning shell or network tool (CVE-2026-45311 exploitation) · Bespoke exploit · alerting · DSΣPDD
- [LLM] sanitize-html xmp-tag XSS payload (CVE-2026-44990) in inbound HTTP request · Bespoke exploit · alerting · DSΣPDD
- [LLM] Portainer Swarm service create/update API access (CVE-2026-44849 exploitation path) · Bespoke exploit · hunting · DSΣPDDCS
- [LLM] Portainer Swarm service spec with elevated Linux capabilities or unconfined Seccomp · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Container start with docker.sock or sensitive host-path bind mount · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Docker local-driver volume created with type=none and o=bind (CVE-2026-44849 volume variant) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Portainer plugin management API access (CVE-2026-44848) · Bespoke exploit · alerting · SΣPDD
- [LLM] n8n Node.js parent spawning OS shell — post-exploit RCE indicator for CVE-2026-44791 · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] n8n workflow API request body containing JS prototype pollution tokens (CVE-2026-44789) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] FlowiseAI POST /api/v1/node-custom-function with NodeVM Sandbox-Escape Payload (CVE-2026-46442) · Bespoke exploit · alerting · SΣPDD
- [LLM] Flowise node.exe Spawning OS Shell or Command-Line Utility - Post-Exploit RCE (CVE-2026-46442) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Strapi CVE-2026-27886 exploit — `where[admin-relation][private-field]` query parameter against public Content API · Bespoke exploit · alerting · SΣPDD
- [LLM] CVE-2026-8178 exploit attempt: Redshift JDBC URL with class-loading parameter (socketFactory/sslfactory/sslhostnameverifier/sslpasswordcallb · Bespoke exploit · alerting · DSΣPDD
- [LLM] Qinglong CVE-2026-3965 auth bypass via /open/user/init credential reset · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Qinglong CVE-2026-4047 case-mismatch auth bypass via /aPi/system/command-run · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Hoppscotch device-login open redirect token theft via localhost.* / sslip.io bypass · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Storybook portable-stories RCE — vitest/node spawning shell, recon or secret-grep child (CVE-2026-27148) · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Astro SSRF (CVE-2026-25545) — Node.js egress fetch for /404.html or /500.html with UA 'node' · Bespoke exploit · alerting · DSΣPDD
- [LLM] Node.js process spawning interactive shell — suspected post-exploit RCE on Next.js / RSC server · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Next.js CVE-2025-29927 middleware bypass via x-middleware-subrequest header · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] GitHub Actions branch-name template injection — bash brace-expansion shell signature · Bespoke exploit · alerting · DSΣPDDCS
- [LLM] Jinja2 xmlattr XSS exploitation attempt in HTTP request parameters (CVE-2024-22195) · Bespoke exploit · alerting · SΣP

Installation (78)

- GitHub branch protection disabled with force-push bypass · Internal install · alerting · DD
- GitHub organization 2FA requirement removed · Internal install · alerting · DD
- GitHub organization removed from enterprise · Internal install · alerting · DD
- GitHub SAML/OIDC SSO disabled · Internal install · alerting · DD
- GitHub secret scanning disabled · Internal install · alerting · DD
- GitHub SSH key added from suspicious IP · Internal install · alerting · DD
- GitLab administrator role granted · Internal install · alerting · DD
- GitLab user MFA disabled · Internal install · alerting · DD
- GitLab SSO disabled · Internal install · alerting · DD
- [LLM] Webserver process writes PHP-executable file to public web-root or upload directory (CVE-2026-48062) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Hades on-import payload: python interpreter spawns Bun runtime download · Bespoke install · alerting · DSΣPDDCS
- [LLM] npm/node install-time spawn downloads Bun runtime (Shai-Hulud worm pattern) · Bespoke install · alerting · DSΣPDDCS
- [LLM] npm/yarn/pnpm install or upgrade of Baileys package · Bespoke install · hunting · DSΣPDDCS
- [LLM] Pheditor CVE-2026-48030 — web server spawning shell interpreter from terminal handler RCE · Bespoke install · alerting · DSΣPDDCS
- [LLM] Pheditor CVE-2026-48030 — webshell drop: PHP / web account writing .php to webroot · Bespoke install · alerting · DSΣPDDCS
- [LLM] BEAM / Erlang VM spawns shell or interpreter child (post-RCE — CVE-2026-8467) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Erlang .beam compiled module dropped to /tmp, /dev/shm, or %TEMP% by BEAM runtime · Bespoke install · alerting · DSΣPDDCS
- [LLM] Python interpreter downloads oven-sh Bun runtime v1.3.14 from GitHub releases at import time · Bespoke install · alerting · DSΣPDDCS
- [LLM] Python interpreter downloading Bun runtime ZIP from oven-sh GitHub release · Bespoke install · alerting · DSPDDCS
- [LLM] LiteLLM proxy (uvicorn/python) spawning shell or LOLBin — CVE-2026-42271 post-exploit · Bespoke install · alerting · DSΣPDDCS
- [LLM] DbGate node process spawning shell child (post-exploit RCE) · Bespoke install · alerting · DSΣPDDCS
- [LLM] DbGate Zip Slip (CVE-2026-47669): node process writes outside archive dir to OS-sensitive paths · Bespoke install · alerting · DSΣPDDCS
- [LLM] Bun runtime spawned by npm/node preinstall hook (TeamPCP setup.mjs loader) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Mini Shai-Hulud payload SHA256 on disk (7c24b4d9...e627144e8b) · Bespoke install · hunting · DSΣPDDCS
- [LLM] Privileged or root pod created by Jupyter Enterprise Gateway ServiceAccount · Bespoke install · alerting · SΣPDDCW
- [LLM] Enterprise Gateway python container spawns shell or reads K8s service-account token (CVE-2026-44181 RCE) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Cron/persistence file written on Kubernetes worker node from container runtime context · Bespoke install · alerting · DSΣPDDCS
- [LLM] npm/node lifecycle script fetching Bun runtime from github.com/oven-sh/bun · Bespoke install · alerting · DSΣPDDCS
- [LLM] Vulnerable praisonai-platform deployment hunt (uvicorn launching praisonai_platform.api.app) · Bespoke install · hunting · DSΣPDDCS
- [LLM] PraisonAI A2A example server started with vulnerable 0.0.0.0 bind and no auth_token · Bespoke install · hunting · DSΣPDDCS
- [LLM] PraisonAI `deploy --type api` command execution — vulnerable server provisioned · Bespoke install · hunting · DSΣPDDCS
- [LLM] Node.exe spawning OS shell after vm2 sandbox exploitation · Bespoke install · alerting · DSΣPDDCS
- [LLM] Shai-Hulud worm GitHub Action workflow file dropped under .github/workflows · Bespoke install · alerting · DSΣPDDCS
- [LLM] Trojanized axios npm package postinstall: node.exe spawned from plain-crypto-js dependency · Bespoke install · alerting · DSΣPDDCS
- [LLM] Yamcs JVM spawns shell or network utility (CVE-2026-46621 post-exploitation) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Yamcs JVM spawning a POSIX shell — Nashorn Runtime.exec post-exploitation · Bespoke install · alerting · DSΣPDDCS
- [LLM] Boxlite sandbox writes to SSH authorized_keys (post-exploit RCE pivot) · Bespoke install · alerting · DSΣPDDCS
- [LLM] AWS IAM role trust policy created with set-qualified operator on GitHub OIDC sub claim · Bespoke install · alerting · ΣPDD
- [LLM] Compromised @cap-js stealer artefact hash present on disk or in execution · Bespoke install · hunting · DSΣPDDCS
- [LLM] VS Code/Cursor extension host fetches dropper from nrwl/nx orphan commit on GitHub · Bespoke install · hunting · DSΣPDDCS
- [LLM] macOS Python backdoor persistence via kitty-monitor LaunchAgent and cat.py drop · Bespoke install · alerting · DSΣPDDCS
- [LLM] Python backdoor self-daemonisation via __DAEMONIZED=1 spawned by VS Code helper or node · Bespoke install · hunting · DSΣPDDCS
- [LLM] TeamPCP Nx Console payload SHA256 hash match on developer endpoints · Bespoke install · hunting · DSΣPDDCS
- [LLM] VS Code child process fetching payload from nrwl/nx orphan commit (Nx Console v18.95.0 dropper) · Bespoke install · alerting · DSΣPDDCS
- [LLM] 9router Node.js process spawning shell binary (CVE-2026-46339 post-exploit) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Python process executing transformers.pyz dropped from git-tanstack.com (TeamPCP) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Apache Camel JVM spawning shell or command interpreter via camel-exec (CVE-2026-47323 post-exploit) · Bespoke install · alerting · DSΣPDDCS
- [LLM] handler.lua dropped outside Algernon's configured web root (CVE-2026-45721 backdoor stage) · Bespoke install · alerting · DSΣPDDCS
- [LLM] On-disk presence of malicious @opensearch-project/opensearch payload SHA256 · Bespoke install · hunting · DSΣPDDCS
- [LLM] Postinstall script execution from compromised @opensearch-project/opensearch package · Bespoke install · hunting · DSΣPDDCS
- [LLM] mistralai 2.4.6 dropper: Python interpreter executing /tmp/transformers.pyz as detached session · Bespoke install · alerting · DSΣPDDCS
- [LLM] Drop of /tmp/transformers.pyz on Linux endpoint · Bespoke install · alerting · DSΣPDDCS
- [LLM] PHP / IIS web-server writes .php/.phtml/.phar to webroot (post-SSTI webshell drop) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Docker plugin runtime spawned from /var/lib/docker/plugins/ on host (CVE-2026-44848) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Post-exploit RCE: node.js (n8n) spawning shell or scripting interpreter · Bespoke install · alerting · DSΣPDDCS
- [LLM] AD CS attacker tooling execution: Certify, Certipy, Whisker process indicators · Bespoke install · alerting · DSΣPDDCS
- [LLM] Shadow Credentials: msDS-KeyCredentialLink attribute modification · Bespoke install · alerting · DSΣPDDCS
- [LLM] Mini Shai-Hulud Wave 4 (TanStack/TeamPCP) worm payload file created in node_modules · Bespoke install · hunting · DSΣPDD
- [LLM] Hidden .fullgc cryptominer binary written to /ql/data/db/ · Bespoke install · alerting · DSΣPDDCS
- [LLM] Qinglong .fullgc cryptominer execution with nohup backgrounding · Bespoke install · alerting · DSΣPDDCS
- [LLM] Trojanized HandyPay / Proteção Cartão APK SHA-1 file drop on managed device · Bespoke install · hunting · DSΣP
- [LLM] TeamPCP sysmon.py systemd-user persistence on developer host · Bespoke install · alerting · DSΣPDD
- [LLM] TeamPCP telnyx FetchAudio() — python subprocess running inline base64 exec · Bespoke install · alerting · DSΣPDDCS
- [LLM] Malicious litellm_init.pth dropped to site-packages by pip (litellm==1.82.8 install artifact) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Compromised trivy binary (v0.69.4-v0.69.6) execution by SHA1 hash · Bespoke install · alerting · DSΣPDD
- [LLM] BYOVD: Genshin Impact mhyprot.sys driver dropped/loaded outside legitimate game install (Embargo evil-mhyprot-cli) · Bespoke install · alerting · DSΣP
- [LLM] Cacheract memdump.py download/execution on CI runner or developer host · Bespoke install · alerting · DSΣPDD
- [LLM] Storybook WebSocket XSS/RCE — malicious .stories file written to src/stories (CVE-2026-27148) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Secondary payload install: 'npm install -g openclaw' postinstall hook execution · Bespoke install · alerting · DSΣPDDCS
- [LLM] s1ngularity Nx postinstall — `gh auth token` spawned by node/npm on CI runner · Bespoke install · alerting · DSΣPDDCS
- [LLM] npm postinstall: @kilocode/cli platform-binary directory (cli-{platform}-{arch}) write · Bespoke install · hunting · DSΣPDDCS
- [LLM] rundll32.exe spawned by Node/npm loading node-gyp.dll or crashreporter.dll (CVE-2025-54313) · Bespoke install · alerting · DSΣPDD
- [LLM] DaemonicLogistics fake-Tencent payload drop (logo.gif at %PROGRAMDATA%\Tencent\QQUpdateMgr\UpdateFiles) · Bespoke install · alerting · DSΣP
- [LLM] s1ngularity nx: node modifies ~/.bashrc or ~/.zshrc to inject `sudo shutdown -h 0` · Bespoke install · alerting · DSΣPDD
- [LLM] wdavdaemon or MDE Linux endpoints observed on CI/CD build runners · Bespoke install · hunting · DSΣPDD
- [LLM] Node/npm postinstall spawning AI coding agent CLI (s1ngularity execution chain) · Bespoke install · alerting · DSΣPDDCS
- [LLM] Scavenger loader/stealer SHA256 execution or drop on endpoint · Bespoke install · alerting · DSΣPDD
- [LLM] Installation of poisoned Ultralytics PyPI package (v8.3.41 / 8.3.42 / 8.3.45 / 8.3.46) · Bespoke install · alerting · DSΣPDDCS

Command & Control (23)

- [LLM] AUR build process egress to temp.sh or github.com/fardewoak/nodejs-argo · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] Bun runtime egress to npm/PyPI publish endpoints or attacker-controlled GitHub repos · Bespoke c2 · hunting · DSΣPDDCS
- [LLM] Meta Graph API request with access_token in URL query string (CVE-2026-48039 leak signature) · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] Yamcs Java process beacons to webhook / interact / tunneling service (CVE-2026-46621 C2) · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] Reverse-shell /dev/tcp file descriptor from Yamcs java process tree · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] Mini Shai-Hulud C2 callback to zero.masscan.cloud / 94.154.172.43 · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] DNS / Network egress to TeamPCP Nx Console C2 domain check.git-service.com · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] DNS lookup for git-tanstack.com TeamPCP C2 staging domain · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] Outbound connection to TeamPCP C2 IP 83.142.209.194 · Bespoke c2 · hunting · DSΣPDDCS
- [LLM] Outbound network connection to mistralai 2.4.6 dropper C2 (83.142.209.194) · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] Session/Oxen P2P exfil DNS or TCP to getsession.org from build/CI host · Bespoke c2 · alerting · DSΣPDD
- [LLM] GPT-Proxy backdoor C2 / Stage-2 download (sync.geeker.indevs.in, gibunxi4201/kube-node-diag) · Bespoke c2 · alerting · DSΣPDD
- [LLM] TeamPCP Trivy/KICS C2 callback to scan.aquasecurtiy.org / 45.148.10.212 · Bespoke c2 · hunting · DSΣPDD
- [LLM] IoliteLabs IOC sweep: rraghh.com / oortt.com hostnames + campaign file hashes · Bespoke c2 · hunting · DSΣPDD
- [LLM] Outbound DNS/HTTPS to TeamPCP exfil domain models.litellm.cloud (litellm PyPI compromise) · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] Trivy supply-chain C2 beacon to typosquat domain scan.aquasecurtiy.org · Bespoke c2 · alerting · DSΣPDD
- [LLM] Scavenger npm malware C2 beacon to firebase.su / dieorsuffer.com / smartscreen-api.com · Bespoke c2 · alerting · DSΣPDD
- [LLM] PlushDaemon EdgeStepper hijacking infrastructure (wcsset.com / 47.242.198.250 / 8.212.132.120) contact · Bespoke c2 · hunting · DSΣP
- [LLM] CI/CD Linux build host outbound to gist.githubusercontent.com (tj-actions IOC pattern) · Bespoke c2 · alerting · DSΣPDD
- [LLM] Scavenger C2 callback: ifyouseethisyouareultragay[.]com / pokerainteasy[.]su · Bespoke c2 · alerting · DSΣPDD
- [LLM] Scavenger Stealer C2 beacon to corroborated infrastructure (datahog.su / datalytica.su / smartscreen-api.com) · Bespoke c2 · alerting · DSΣPDDCS
- [LLM] BoltDB Go backdoor C2 callback to 49.12.198.231:20022 · Bespoke c2 · hunting · DSΣPDDCS
- [LLM] Outbound fetch of file.sh via attacker-controlled commit d8daa0b... on raw.githubusercontent.com · Bespoke c2 · alerting · DSΣPDDCS

Actions on Objectives (45)

- GitHub mass repository deletion · Internal actions · alerting · DD
- GitHub personal access token created · Internal actions · alerting · DD
- GitHub personal access token cloning many repositories · Internal actions · alerting · DD
- GitHub repository visibility changed to public · Internal actions · alerting · DD
- GitHub repository transfer initiated · Internal actions · alerting · DD
- GitHub secrets-API enumeration · Internal actions · alerting · DD
- GitLab group visibility changed to public · Internal actions · alerting · DD
- GitLab mass repository download · Internal actions · alerting · DD
- GitLab personal access token generated · Internal actions · alerting · DD
- GitLab project visibility changed (public) · Internal actions · alerting · DD
- [WEEKLY] Install-Triggered Registry Publish or Git Push (Supply-Chain Worm Self-Propagation) · Internal actions · alerting · DSPDDCSCW
- [WEEKLY] Vendor / Third-Party OAuth App or SP Sign-in From Unbaselined Egress Followed by Bulk SaaS Object Read · Internal actions · alerting · DSPDD
- [LLM] Non-forensic process bulk-reading the App.MenuItem Biome stream · Bespoke actions · hunting · DSΣPDDCS
- [LLM] Agentjacking C2/exfiltration to advisory-tracker.com (Tenet Sentry-MCP attack) · Bespoke actions · alerting · DSΣPDDCS
- [LLM] npm lifecycle script harvests secrets via TruffleHog or chains to GitHub API · Bespoke actions · alerting · DSΣPDDCS
- [LLM] meta-ads-mcp Streamable HTTP listener bound to non-loopback interface · Bespoke actions · alerting · DSΣPDDCS
- [LLM] Vulnerable Baileys npm package present on disk (CVE-2026-48063) · Bespoke actions · hunting · DSΣPDDCS
- [LLM] nebula-mesh CVE-2026-47724 — cross-tenant firewall mutation via PUT /api/v1/networks/{id}/firewall · Bespoke actions · hunting · SΣPDD
- [LLM] nebula-mesh CVE-2026-47724 — operator sabotage (disable/enable/key revocation) by non-admin actor · Bespoke actions · alerting · SΣPDD
- [LLM] Vulnerable cordova-plugin-inappbrowser install on dev endpoint (CVE-2026-47430) · Bespoke actions · hunting · DSΣPDDCS
- [LLM] Mini Shai-Hulud npm worm exfiltration to t.m-kosche.com OpenTelemetry endpoint · Bespoke actions · alerting · DSΣPDDCS
- [LLM] Enterprise Gateway service account creates privileged / hostPath / RBAC-escalating pod (CVE-2026-44181 post-exploit) · Bespoke actions · alerting · SΣPDDCW
- [LLM] Public GitHub repo creation matching Miasma 'adjective-creature-N' exfil pattern · Bespoke actions · hunting · DSPDD
- [LLM] Worm-injected .github/setup.js commit with 'chore: update dependencies [skip ci]' message · Bespoke actions · alerting · DSΣPDD
- [LLM] Vitest UI server launched with non-loopback --api.host / --host (CVE-2026-47429 exposure) · Bespoke actions · alerting · DSΣPDDCS
- [LLM] PraisonAI Platform member role mutation endpoint hit (CVE-2026-47407 privilege escalation) · Bespoke actions · alerting · SΣPDDCW
- [LLM] PraisonAI python process spawning shell, curl, or wget (post-exploitation tool-use abuse) · Bespoke actions · alerting · DSΣPDDCS
- [LLM] Vulnerable vm2 package (<=3.11.3) present on host — CVE-2026-47137 exposure surface · Bespoke actions · hunting · DSΣPDDCS
- [LLM] Vulnerable vm2 package (<=3.11.3) present on endpoints — CVE-2026-47208 exposure · Bespoke actions · hunting · DSΣPDDCS
- [LLM] nezha-agent spawning credential-access shell commands on Linux (post-RCE) · Bespoke actions · alerting · DSΣPDDCS
- [LLM] nezha-agent outbound network connection to cloud instance-metadata service · Bespoke actions · alerting · DSΣPDDCS
- [LLM] GitHub audit log bulk private-repo clone burst (post Nx Console compromise pattern) · Bespoke actions · alerting · DSPDD
- [LLM] Arcane GitOps: DELETE /api/customize/git-repositories/{id} by non-admin principal (CVE-2026-45625 DoS / post-exfiltration cleanup) · Bespoke actions · alerting · SΣPDD
- [LLM] Vulnerable vm2 npm package (<= 3.11.2) present on host — CVE-2026-45411 · Bespoke actions · hunting · DSΣPDDCS
- [LLM] MCPHub tool execution via spoofed identity — POST to /<user>/messages with JSON-RPC body · Bespoke actions · alerting · SΣPDD
- [LLM] Container escape via chroot/nsenter against mounted host filesystem · Bespoke actions · alerting · DSΣPDDCS
- [LLM] Mini Shai-Hulud post-compromise persistence artifacts in .claude/, .vscode/, .github/workflows/ · Bespoke actions · alerting · DSΣPDD
- [LLM] Shai-Hulud preinstall: node/npm spawning git/curl/gh pushing to attacker repo or GitHub API · Bespoke actions · hunting · DSPDDCS
- [LLM] Read of /proc/<pid>/mem targeting GitHub Runner.Worker (TeamPCP credential dump) · Bespoke actions · alerting · DSΣPDD
- [LLM] tj-actions/changed-files compromise: memdump.py secret-exfiltration shell pattern on runner (CVE-2025-30066) · Bespoke actions · alerting · DSΣPDD
- [LLM] s1ngularity nx: AI CLI assistant invoked with permission-bypass flags (Claude/Gemini/Q) · Bespoke actions · alerting · DSΣPDD
- [LLM] s1ngularity nx: /tmp/inventory.txt staging file created on host · Bespoke actions · alerting · DSΣPDD
- [LLM] GhostAction GitHub workflow secret-enumeration commit pattern · Bespoke actions · hunting · DSPDDCS
- [LLM] AI coding agent CLI (claude/gemini/q) invoked with permission-bypass flags · Bespoke actions · alerting · DSΣPDDCS
- [LLM] Tag deletion/repointing on critical GitHub Action repositories (configure-aws-credentials v4.3.0 pattern) · Bespoke actions · alerting · SΣPDD

Recent articles citing Source control-targeted detections