Skip to content

CyberSecurity Institute

Security News Curated from across the world

Menu
Menu

DevSecOps Weekly — July 5, 2026

Posted on July 7, 2026 by admini

Security Radar · Issue 6

DevSecOps Weekly

July 5, 2026 · Weekly Edition

Registries under siege, an unpatched pipeline flaw with no fix in sight, and JFrog’s governance play takes center stage.

At a glance

Package-registry supply-chain attacks dominated the week, and JFrog’s own research desk was in the middle of two of them. A North Korea-linked “Fake Font” campaign hijacked npm packages and a cluster of 16 Go packages to hide a VS Code auto-run task that ultimately deploys the InvisibleFerret Python infostealer — the same actor group JFrog also tied to a fresh set of npm packages mimicking Rollup polyfill tooling to plant remote-access malware on developer workstations. In parallel, Checkmarx disclosed Operation Navy Ghost, eight trojanized Pyrogram forks on PyPI that turn any Telegram bot running in production into an attacker-controlled shell, and SafeDep documented a ten-account, thirty-package npm campaign that used a fake Polymarket arbitrage bot on GitHub as bait to plant a DeFi credential stealer. Four unrelated actors, one shared pattern: the registry itself, not the developer, is now the primary attack surface.

CI/CD and package-manager hygiene got harder to ignore this week. Synacktiv published an unauthenticated remote-code-execution flaw in Argo CD’s repo-server that can lead to full Kubernetes cluster takeover — reported to maintainers eighteen months ago, still unpatched, with no CVE assigned and the only real defense being network policies most Helm-based installs don’t enable by default. GNU Guix disclosed and patched four vulnerabilities in guix substitute and guix pull that allowed a malicious or man-in-the-middle substitute server to write arbitrary files to the build daemon’s filesystem. Kaspersky’s GReAT team scanned roughly 130,000 GitHub Actions pipelines and found more than 250,000 configuration deviations, with critical flaws in eight repositories capable of enabling supply-chain compromise. And npm v12, arriving this month, will finally flip install scripts, Git dependencies, and remote-URL dependencies from automatic to opt-in — a structural fix teams should already be testing against.

On the governance side, two stories move over from the JFrog Competitive Intelligence bulletin this week because they speak directly to the DevSecOps audience’s daily reality: Gartner published its first-ever Magic Quadrant for Software Supply Chain Security and named JFrog a Leader with the highest Ability to Execute score of any vendor evaluated, citing JFrog’s State of the Union data point that malicious npm packages rose 451% year over year. Days earlier, JFrog and Anthropic shipped a JFrog Platform plugin for Claude Code that gives agentic coding sessions governed, scanned access to dependencies and artifacts before they land in a build. Read together with this week’s registry attacks, the message is blunt: the tooling that watches what agents and pipelines pull in is becoming as consequential as the code itself.

Topic map of DevSecOps Weekly stories for July 5, 2026

Topic map — npm/PyPI supply-chain attacks (Fake Font VS Code campaign, Operation Navy Ghost, the Polymarket Trap, North Korea’s Rollup polyfill mimics), CI/CD & package-manager hardening (Argo CD’s unpatched repo-server flaw, GNU Guix substitute/pull vulnerabilities, GitHub Actions misconfigurations, npm v12), and supply-chain governance & industry standing (JFrog’s Gartner Magic Quadrant leadership, the JFrog–Anthropic Claude Code plugin).

Article index

npm & PyPI supply-chain attacks

Four separate campaigns hit package registries this week, from North Korea-linked malware disguised as fonts and polyfills to a coordinated DeFi credential-theft operation spanning ten npm accounts.

  1. Hijacked npm and Go packages use VS Code tasks to deploy Python infostealer (The Hacker News, Jun 29) — W1
  2. Malicious PyPI packages give hackers control of Telegram bot servers — Operation Navy Ghost (BleepingComputer, Jun 30) — W2
  3. The Polymarket trap: a fake arbitrage bot, ten npm accounts, four ways to deliver an infostealer (SafeDep, Jul 1) — W3
  4. North Korea-linked npm packages mimic Rollup polyfills to steal developer secrets (The Hacker News, Jul 3) — W4
  5. npm v12 is coming in July — here’s what developers need to do now (DevOps.com, Jun 11) — F1

CI/CD & pipeline security

An unpatched, unauthenticated RCE in Argo CD, a hardened GNU Guix release closing four substitute/pull vulnerabilities, and a large-scale study quantifying just how misconfigured GitHub Actions pipelines really are.

  1. Unpatched Argo CD repo-server flaw could let attackers take over Kubernetes clusters (The Hacker News, Jul 1) — W5
  2. ‘guix substitute’ and ‘guix pull’ vulnerabilities (GNU Guix Blog, Jun 24) — F2
  3. 250,000 misconfigurations in GitHub Actions — Kaspersky GReAT study (Kaspersky Blog, Jun 26) — F3

Supply-chain governance & industry standing

JFrog closed the week as the highest-scoring vendor in Gartner’s first Magic Quadrant for the category and shipped governance tooling directly into Claude Code — moved in from JFrog Competitive Intelligence because both stories bear directly on how DevSecOps teams govern what agents and pipelines pull into a build.

  1. JFrog positioned as a Leader in first Gartner Magic Quadrant for Software Supply Chain Security (BusinessWire, Jun 22) — F4
  2. JFrog and Anthropic bring enterprise-grade software supply chain governance to Claude Code (BusinessWire, Jun 10) — F5

Detailed write-ups

01

Hijacked npm and Go packages use VS Code tasks to deploy Python infostealer

The Hacker News · June 29, 2026

JFrog researchers found two hijacked npm packages, html-to-gutenberg and fetch-page-assets, along with 16 companion Go packages identified by Nextron Systems, hiding a hidden VS Code task named “eslint-check” configured to auto-run when a project folder opens. The payload disguises itself as a font file — public/fonts/fa-solid-400.woff2 — that actually contains JavaScript pulling encrypted next-stage code from blockchain transaction data on TronGrid and Aptos, a dead-drop technique resilient to takedowns. From there it opens a Socket.io backdoor and deploys a Python infostealer harvesting browser, wallet, and developer credentials, including Git, GitHub CLI, and cloud-storage metadata. Researchers tracking the campaign as “Fake Font” attribute it to North Korea as a variant of the long-running Contagious Interview operation. Audit for hidden .vscode/tasks.json entries with folderOpen triggers and treat any font-file asset that isn’t rendering as suspect.

Read the article

Sources: The Hacker News

02

Malicious PyPI packages give hackers control of Telegram bot servers

BleepingComputer · June 30, 2026

Checkmarx disclosed Operation Navy Ghost, a campaign active since November 2025 that published at least eight trojanized forks of the unmaintained but still-popular Pyrogram Telegram framework — including VLifeGram, pyrogram-styled, and pyrogram-navy — each carrying a hidden backdoor module called secret.py. The backdoor activates specifically on Telegram bot accounts rather than user accounts, a deliberate choice since bots typically run unattended in production with access to databases, credentials, and cloud APIs. Once live, an attacker on a hardcoded “OWNERS” list can send Telegram commands like /asu or /asi to execute arbitrary Python or shell commands on the host, with results returned via Telegram message or file. Checkmarx attributes all eight packages, published under different PyPI accounts, to a single operator based on shared code, command names, and infrastructure. Teams running Pyrogram-based bots should audit for these forks immediately and rotate server credentials.

Read the article

Sources: BleepingComputer

03

The Polymarket trap: a fake arbitrage bot, ten npm accounts, four ways to deliver an infostealer

SafeDep · July 1, 2026

SafeDep traced a coordinated campaign in which ten npm maintainer accounts published 30 packages mimicking Polymarket tooling and general DeFi math libraries, luring victims through a fake GitHub repository, Trum3it/polymarket-arbitrage-bot, that racked up 53 forks before anyone flagged it. Its package.json listed clob-client-math as a dependency that’s never actually imported in the bot’s code — it exists purely to trigger a postinstall hook. The operators used four distinct delivery techniques across the ten accounts, including one that has a clean 1.0.0 release use npm itself to fetch and self-overwrite with a malicious 1.0.1, defeating tarball-based scanning entirely. The resulting 2,800-line infostealer reads crypto wallet vaults, browser credentials, SSH and AWS keys, npm tokens, and password-manager databases. Shared C2 domains and byte-identical dropper code tie all ten accounts to one operator. Anyone who ran npm install against these packages should treat every credential on that machine as compromised.

Read the article

Sources: SafeDep

04

North Korea-linked npm packages mimic Rollup polyfills to steal developer secrets

The Hacker News · July 3, 2026

JFrog identified npm packages rollup-packages-polyfill-core and rollup-runtime-polyfill-core mimicking the legitimate rollup-plugin-polyfill-node down to its description and repository metadata, each installing a second-stage package disguised as an SVG utility that fetches a JSON payload from JSONKeeper and evaluates it. The malware runs environment checks to avoid cloud sandboxes and analysis infrastructure before reaching out for an encrypted loader that enables interactive remote access — terminal sessions, screenshot capture, and mouse/keyboard control via the @nut-tree-fork/nut-js package — plus browser and cryptocurrency wallet theft. The file collector specifically targets VS Code, Windsurf, and Cursor editor history alongside AWS, Azure, Gemini, and Claude configuration files. JFrog notes the technique overlaps with the OtterCookie malware family tied to Lazarus/Contagious Interview. The disclosure landed alongside a wave of unrelated npm and PyPI credential-theft campaigns documented the same week by Checkmarx, SafeDep, and independent researchers, underscoring how crowded the registry-attack surface has become.

Read the article

Sources: The Hacker News

05

npm v12 is coming in July — here’s what developers need to do now

DevOps.com · June 11, 2026

Starting this month, npm v12 flips three defaults that have enabled the bulk of this week’s registry attacks: install scripts (preinstall/install/postinstall) no longer run automatically, Git dependencies no longer resolve automatically, and remote-URL tarball dependencies no longer resolve automatically — all become explicit opt-ins. The change follows a brutal run of npm supply-chain incidents, including the September 2025 hijack of 18 packages with combined weekly downloads over 2.6 billion and roughly 455,000 malicious npm packages published in 2025 alone. Teams can prepare now: npm 11.16.0 already ships advisory-mode warnings, and running npm approve-scripts --allow-scripts-pending surfaces every package with an unreviewed script so teams can build a committed allowlist before the hard cutover. Package maintainers relying on install scripts should document the requirement and consider shipping prebuilt binaries instead. This week’s Fake Font, Navy Ghost, and Polymarket campaigns are precisely the class of attack v12’s defaults are designed to blunt.

Read the article

Sources: DevOps.com

06

Unpatched Argo CD repo-server flaw could let attackers take over Kubernetes clusters

The Hacker News · July 1, 2026

Synacktiv disclosed an unauthenticated remote-code-execution flaw in Argo CD’s repo-server, the component that turns Git repositories into Kubernetes manifests, that can lead to full cluster takeover. The bug abuses kustomize’s –helm-command option: an unauthenticated request to the repo-server’s internal gRPC service can point that option at an attacker-controlled script instead of the helm binary. There is no patch and no CVE — Synacktiv reported the issue in January 2025 and published after roughly eighteen months of silence. The only real mitigation is network isolation, but Argo CD’s own Helm chart ships with networkPolicy.create set to false, so any attacker who compromises one pod in the cluster can typically reach the repo-server directly. From there, Synacktiv showed the flaw could be chained to read the cluster’s Redis password and poison deployment data, causing Argo CD to deploy an attacker-supplied workload on its next automatic sync. Run kubectl get networkpolicy -A now and enable the shipped policies if they’re missing.

Read the article

Sources: The Hacker News

07

‘guix substitute’ and ‘guix pull’ vulnerabilities

GNU Guix Blog · June 24, 2026

The GNU Guix project disclosed and patched four vulnerabilities affecting the guix-daemon helper utilities. The most severe, in restore-file, extracts a downloaded substitute archive before verifying its cryptographic hash, letting any substitute server — or a man-in-the-middle, https notwithstanding — write arbitrary files anywhere the daemon user can write, including /etc/passwd when the daemon runs as root. A second flaw let a malicious server substitute the wrong store item for a requested one; a third allowed file:// substitute URLs to disclose or interfere with any file readable by the daemon via symlink-following. A fourth, narrower issue in guix pull and guix time-machine allowed a malicious channel name to create or overwrite files via path traversal, primarily a denial-of-service risk. All four are fixed across 11 commits; Guix and Nix-adjacent tooling maintainers should note the pattern, since a related bug once produced CVE-2024-45593 in Nix. Upgrade guix-daemon immediately and evaluate whether to run with --no-substitutes in the interim.

Read the article

Sources: GNU Guix Blog

08

250,000 misconfigurations in GitHub Actions

Kaspersky Blog (GReAT) · June 26, 2026

Kaspersky’s Global Research and Analysis Team used a new Kaspersky Container Security rule set to scan roughly 130,000 GitHub Actions pipelines across about 30,000 popular repositories, and found more than 250,000 deviations from secure CI/CD configuration practice — meaning only about 10% of the repositories examined raised no concerns at all. Of those findings, 59.8% were low risk and 39.8% medium risk, but 0.4% were classified high risk, and critical misconfigurations in eight repositories — spanning AI-integration tooling, developer automation services, and security-testing tools — were assessed capable of enabling a full supply-chain compromise; Kaspersky reported those directly to maintainers. The most common issues were implicit or overly broad permissions, missing version pinning on third-party actions, and workflow-level rather than job-level configuration; less frequent but more dangerous were top-level secret exposure, unsafe run conditions, and insecure handling of external data. The findings echo the same misconfiguration classes exploited in real campaigns like Mini Shai-Hulud, reinforcing that pipeline hygiene, not just package hygiene, needs a routine audit.

Read the article

Sources: Kaspersky Blog

09

JFrog positioned as a Leader in first Gartner Magic Quadrant for Software Supply Chain Security

BusinessWire · June 22, 2026

Gartner published its first-ever Magic Quadrant for Software Supply Chain Security, naming JFrog a Leader and placing it highest on Ability to Execute of any vendor evaluated (report ID G00843814, published June 17, 2026). Gartner separately named software supply-chain attacks among the top four critical threats where attackers currently hold the advantage, citing an accelerating “CVE Blitz” of adversarial symmetry. JFrog’s own 2026 State of the Union data, cited in the release, found 177,000 new malicious packages detected industry-wide and malicious npm packages up 451% year over year — numbers this week’s Fake Font, Navy Ghost, and Polymarket disclosures do nothing to contradict. Gartner’s evaluation highlighted JFrog Curation for blocking risky open-source components before install, JFrog AI Catalog and MCP Server for governing AI models and agent skills entering the environment, JFrog AppTrust for immutable policy-enforcement evidence, and expanded SBOM/VEX support aligned to CycloneDX and SPDX 3.0. For DevSecOps teams evaluating supply-chain tooling, it’s the first analyst-firm signal that this category has matured into its own market.

Read the article

Sources: BusinessWire

10

JFrog and Anthropic bring enterprise-grade software supply chain governance to Claude Code

BusinessWire · June 10, 2026

JFrog and Anthropic released a JFrog Platform plugin for Claude Code, giving agentic coding sessions governed access to scan, curate, and secure every artifact and dependency an agent pulls in before it enters a build. The plugin adds JFrog Platform Skills, letting agents execute vulnerability scanning, curation checks, and provenance verification through natural language, and works alongside the recently announced JFrog MCP Registry and Agent Skills Registry so that MCP servers and agent skills are vetted before use. JFrog CTO Yoav Landman framed the need bluntly: AI agents are already making dependency, build, and deployment decisions without supply-chain context, which is how malicious packages and ungoverned AI assets enter production today. The timing matters — JFrog says the platform now manages over 18 billion artifacts, a 136% year-over-year increase driven largely by AI-agent activity. Similar plugins are planned for Cursor and VS Code Copilot. For teams running Claude Code or evaluating agentic development tooling, this is the first concrete governance layer purpose-built for that workflow.

Read the article

Sources: BusinessWire

On our watch list

  • npm v12’s defaults flip this month. Install scripts, Git dependencies, and remote-URL dependencies move from automatic to opt-in. Watching for build breakage reports as teams that haven’t run npm approve-scripts --allow-scripts-pending hit the cutover cold, and for how quickly the registry-attack techniques seen this week (postinstall droppers, side-loaders) adapt to the new defaults.
  • Argo CD’s unpatched repo-server RCE. No CVE, no patch, eighteen months since disclosure. Watching whether Argo CD’s maintainers ship a fix or a hardened default network policy before Synacktiv publishes its argo-cdown proof-of-concept tool, and whether other GitOps tools with similarly permissive Helm chart defaults get the same scrutiny.
  • North Korea’s registry-poisoning cadence. Fake Font and the Rollup polyfill mimics are the same actor cluster inside one week, both caught by JFrog. Watching whether JFrog, Checkmarx, and SafeDep’s parallel research efforts converge into shared IOC feeds or registry-level blocklists rather than each vendor publishing independently after the fact.
  • Governance tooling racing ahead of agent adoption. JFrog’s Gartner MQ leadership and its Claude Code plugin land the same month as this week’s wave of registry attacks. Watching whether Snyk, Sonatype, and GitHub Advanced Security ship comparable agent-native governance plugins, and whether enterprises adopt curation-before-install as a default rather than a premium add-on.

Security Radar · DevSecOps Weekly

Weekly intelligence bulletin from Security Radar LLC

Curated by Paul Davis · paul.davis@security-radar.com

© 2026 Security Radar LLC. All rights reserved.

Article titles and summaries are excerpted for review and commentary; all linked articles remain the copyright of their respective publishers and authors.

*|LIST:ADDRESS|*

View this email in your browser · Unsubscribe

Recent Posts

  • DevSecOps Weekly — July 12, 2026
  • DevSecOps Weekly — July 12, 2026 — Interactive Topic Map
  • Malware Analysis Weekly — July 12, 2026
  • Malware Analysis Weekly — July 12, 2026 — Interactive Topic Map
  • AI & ML in Security — July 12, 2026

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • November 2025
  • April 2024
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • April 2023
  • March 2023
  • February 2022
  • January 2022
  • December 2021
  • September 2020
  • October 2019
  • August 2019
  • July 2019
  • December 2018
  • April 2018
  • December 2016
  • September 2016
  • August 2016
  • July 2016
  • April 2015
  • March 2015
  • August 2014
  • March 2014
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • October 2012
  • September 2012
  • August 2012
  • February 2012
  • October 2011
  • August 2011
  • June 2011
  • May 2011
  • April 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • June 2009
  • May 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006
  • May 2006
  • April 2006
  • March 2006
  • February 2006
  • January 2006
  • December 2005
  • November 2005
  • October 2005
  • September 2005
  • August 2005
  • July 2005
  • June 2005
  • May 2005
  • April 2005
  • March 2005
  • February 2005
  • January 2005
  • December 2004
  • November 2004
  • October 2004
  • September 2004
  • August 2004
  • July 2004
  • June 2004
  • May 2004
  • April 2004
  • March 2004
  • February 2004
  • January 2004
  • December 2003
  • November 2003
  • October 2003
  • September 2003

Categories

  • AI-ML
  • Augment / Virtual Reality
  • Blogging
  • Cloud
  • DR/Crisis Response/Crisis Management
  • Editorial
  • Financial
  • Make You Smile
  • Malware
  • Mobility
  • Motor Industry
  • News
  • OTT Video
  • Pending Review
  • Personal
  • Product
  • Regulations
  • Secure
  • Security Industry News
  • Security Operations
  • Statistics
  • Threat Intel
  • Trends
  • Uncategorized
  • Warnings
  • WebSite News
  • Zero Trust

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
© 2026 CyberSecurity Institute | Powered by Superbs Personal Blog theme