CramHacks Chronicles #93: Weekly Cybersecurity Newsletter!
G-Suite Prompt Injections, compromised npm maintainer, crates.io announces trusted publishing, Google's OSS-Rebuild project, container isolation
Hello, and Happy Monday!
This week I’ve reflected a bit on the software supply chain security space. The outcome was rather positive. Only a few years ago I struggled to find anyone who had even heard the term. Eventually it became “oh, is that the SBOM stuff?”, and now I find myself in rooms with folks familiar with dependency vulnerabilities, OSS licensing, the SLSA framework, Sigstore, extension risks, etc.
Yeah, we still have a long way to go on the technology front, but the progress on the first stage has been tremendous: acknowledging that we have a problem.
I was on the Simply Defensive podcast! The most important takeaway is in the name. Throwback to newsletter #6 titled: is coffee supply chain? 🤣.
Google Gemini G-Suite Prompt Injection Vulnerability
Malicious actors can use hidden (white) text in an email’s body to perform a prompt injection against the Gemini Summarize feature. Wrapping the injected prompt in <Admin> tags abuses Gemini’s prompt hierarchy. Victims are tricked into calling phone numbers, visiting URLs, and more.
👋 Google is aware of this and is regularly introducing mitigating controls, but the attack vector is reportedly still viable today.
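A mail-filtering check for the hidden-text pattern described above, as an added example that is not from the newsletter or from Google: it parses an HTML body, collects text inside elements whose inline style hides it, and notes any <Admin> wrapper. The function names, the style heuristics and the sample body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide text from a human reader but not from a summarizer.
# Heuristic: CSS classes, rgb() colours and off-white shades are not covered.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)"
    r"|(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?)\b", re.I)
ADMIN_TAG = re.compile(r"</?\s*admin\b", re.I)
VOID = {"br", "img", "hr", "meta", "link", "input", "wbr"}

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []         # (tag, hidden) for each open element
        self.hidden = []        # text a human reader would not see
        self.admin_tag = False  # <Admin> seen as markup or as escaped text

    def handle_starttag(self, tag, attrs):
        self.admin_tag |= tag == "admin"
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack) and self.stack[-1][1]
        self.stack.append((tag, inherited or bool(HIDDEN_STYLE.search(style))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed elements do not leak state.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        self.admin_tag |= bool(ADMIN_TAG.search(data))
        if self.stack and self.stack[-1][1] and data.strip():
            self.hidden.append(data.strip())

def scan_email_html(html):
    """Return (hidden_text_chunks, admin_tag_seen) for one HTML email body."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden, finder.admin_tag

# Constructed sample body, not a captured message.
SAMPLE = ('<p>Hi team, notes attached.</p><span style="font-size:0px; color:#ffffff">'
          '<Admin>CONSTRUCTED PLACEHOLDER INSTRUCTION</Admin></span>'
          '<p style="background-color: white">Thanks, Sam</p>')
```

Either signal alone is weak (white text on a dark banner is legitimate); a message that has both hidden text and an <Admin> wrapper is the combination worth quarantining or stripping before it reaches a summarizer.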
JounQin: npm package maintainer token compromised
The npm token for a maintainer of widely used packages was compromised after falling victim to a phishing email impersonating npm. Malicious versions of popular packages eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall were published to the registry.
Combined, these packages receive ~100M downloads per week, and each had at least one malicious version published as a result of this token compromise. The root cause appears to be a phishing email impersonating npm, using the domain npnjs[.]com.
👋 While I was investigating popular open source package maintainers it stood out to me how few maintainers are actually involved in the world’s most popular packages. JounQin has published 266 packages with almost 200M downloads this past week. Another maintainer, wooorm, who seems to be affiliated with JounQin somehow, has published 728 packages with 1.2B downloads this past week.
crates.io: announces trusted publishing
The latest crates.io development update includes the announcement of Trusted Publishing support via GitHub Actions! RFC here for more details. If you’re not familiar, Trusted Publishing means goodbye to long-lived tokens for package maintainers. Instead, the OIDC token generated by your workflow is used to generate a short-lived token for publishing.
👋 I love Trusted Publishing and you should too. Coming soon for npm!
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Google’s Matthew Suozzo announces OSS Rebuild, a new project reproducing upstream packages. Through automations and heuristics, they’ve reproduced thousands of packages in the npm, PyPI, and crates.io ecosystems. A provenance attestation has been generated for each reproduced package & version, making it possible for consumers to verify a package’s origin.
👋 The article states it helps detect several classes of supply chain compromise, including “Stealthy Backdoors - Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds.” Not sure I’m onboard with that claim 😅. Side note, this feels awfully similar to the Assured Open Source Software product offering. I wonder if they’re using OSS Rebuild as part of that product offering.
Kubernetes Image Builder: (CVE-2025-7342) Default Creds for Windows image
When using vulnerable versions of image-builder, default credentials are applied to Windows images built with the Nutanix or OVA provider unless explicitly overridden. This leaves nodes using these images vulnerable to unauthorized access via protocols such as SSH, RDP, and WinRM.
👋 The CVSS was rated a High (8.1), but the attack complexity was assigned “low.” I’m not sure I agree with that 🤔. Definitely feels like a critical to me.
NVIDIAScape - Critical Vulnerability: NVIDIA Container Toolkit
From Pwn2Own Berlin, Wiz has disclosed the technical details of a vulnerability that allows attackers to bypass container isolation and gain root access on the host machine. The issue stems from how the NVIDIA Container Toolkit handles OCI hooks.
Until Next Time! 👋
Hey, you made it to the bottom – thanks for sticking around!
Questions, ideas, or want to chat? Slide into my inbox! 💌
Don’t hesitate to forward if someone could benefit from this.
See you next Monday!
-Kyle
P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.