CramHacks Chronicles #96: Bi-Weekly Cybersecurity Newsletter!
Nx Malware, Immutable Releases, GitHub Actions Policy, PyPI Domain Protection, OPA, CodeRabbit RCE, Typosquatting GHCR, Reachability?
Hello, and Happy Monday!
I’m of course grateful to have this outlet to share my findings and thoughts with the broader community. But, I’m really glad I switched to biweekly with the newsletter. These past two weeks have been uber-productive for both my day job and side projects!
A note on reachability analysis (using static analysis)
It’s a good feature, but damn near no one using the feature actually understands it, and I’m losing my mind hearing people say “We only remediate reachable findings.” It’s hard to blame them when the industry shouts “only prioritize reachable findings” from the mountain-tops, but the fact of the matter is that a significant percentage of findings will be labeled as “undetermined,” “maybe reachable,” or similar. These can be just as severe as reachable ones!!
Why so many undetermined? Reachability analysis is largely only effective for software libraries, which are packages you import and call directly. How much of today’s SCA findings actually stem from vulnerable libraries as opposed to frameworks, plugins, CLI tools, etc.?
Looking at PyPI, there are currently ~3,900 known security advisories in the ecosystem. As an experiment, I sought to classify the affected packages listed in all the advisories as “library” or “not a library.” To do this, I used the gh CLI extension for the GitHub Models service, created system & user prompts, and used variables for the security advisory details. Each advisory was passed to the prompt for classification.
Side Note: This Models feature is pretty sweet. Free access to a nice selection of models w/o having to manage API keys for each of them 😍. Rate limiting was a bit annoying, but it’s extremely reasonable for being free.
Given this was just a first pass, I wanted to err on the side of caution, and so the classification favored “library.” Even then, only 46% of affected packages were classified as “library”, meaning that for the remaining 54%, reachability analysis offers no value. Some tools may try to use reachability for framework configurations, but that’s a recipe for false negatives.
Just based on personal experience, I hypothesized the correct percentage would be between 20% and 35%. On the next pass I’d like to also include the README contents of the package, as many advisory details defaulted to “library” because of insufficient information.
P.S. An interesting finding: TensorFlow security advisories (>400) account for over 10% of all PyPI security advisories.
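To make the classification experiment above reproducible, here is an added example (my own code, not the newsletter author’s script) that reads PyPI advisories in the OSV JSON shape published by pypa/advisory-database, renders the system and user prompts from advisory fields, sends them through the gh CLI Models extension, and tallies the labels. The `gh models run MODEL PROMPT` invocation and the default model id are assumptions; `prompt_vars`, `parse_label` and `tally` run offline.

```python
"""Classify the package named in each PyPI advisory (OSV JSON, as shipped by
pypa/advisory-database) as a library or not, via the gh CLI's Models extension."""
import subprocess
from collections import Counter

LABELS = ("library", "not a library", "undetermined")

# System prompt (the task) and user prompt (filled from advisory fields).
SYSTEM_PROMPT = (
    "You classify the Python package named in a security advisory. "
    "A library is a package that application code imports and calls directly; "
    "frameworks, plugins, CLI tools and services are not libraries. "
    "Reply with exactly one of: library, not a library, undetermined."
)
USER_TEMPLATE = "Package: {package}\nAdvisory: {id}\nSummary: {summary}\nDetails: {details}"


def prompt_vars(advisory: dict) -> dict:
    """Pull the prompt variables out of one OSV advisory record."""
    names = sorted({a["package"]["name"] for a in advisory.get("affected", [])
                    if a.get("package", {}).get("ecosystem") == "PyPI"})
    return {"id": advisory["id"], "package": ", ".join(names),
            "summary": advisory.get("summary", ""),
            "details": advisory.get("details", "")[:2000]}  # keep prompts short


def parse_label(answer: str) -> str:
    """Map the model's free-text reply onto a fixed label; anything odd is 'undetermined'."""
    text = answer.strip().lower()
    if text.startswith("not a library"):
        return "not a library"
    if text.startswith("library"):
        return "library"
    return "undetermined"


def classify(advisory: dict, model: str = "openai/gpt-4o-mini") -> str:
    """Ask GitHub Models through the gh CLI (needs `gh extension install github/gh-models`).
    Assumption: `gh models run MODEL PROMPT` is the invocation; the system prompt is
    prepended to the user prompt rather than passed as a separate flag."""
    prompt = SYSTEM_PROMPT + "\n\n" + USER_TEMPLATE.format(**prompt_vars(advisory))
    proc = subprocess.run(["gh", "models", "run", model, prompt],
                          capture_output=True, text=True, check=True)
    return parse_label(proc.stdout)


def tally(labels) -> dict:
    """Percentage per label, to compare with the 46% 'library' first-pass figure."""
    counts = Counter(labels)
    total = sum(counts.values()) or 1
    return {k: round(100 * counts[k] / total, 1) for k in LABELS}
```

Feed `classify` each advisory JSON from a local clone of the advisory database and pass the resulting labels to `tally`.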
Nx Supply Chain Attack: Malware Leaks Credentials
A compromised npm token led to publishing Nx build system packages containing malicious postinstall scripts. The script gathered credentials and then published them as an encoded string to a GitHub repo named "s1ngularity-repository" under the user’s account. Roughly 1,400 users are known to have been impacted.
👋 Unfortunately package repositories have yet to begin leveraging provenance attestation to prevent potentially malicious package releases. E.g., if a previous release contained an attestation, and the new one does not, that’s a red flag. But npm did recently announce trusted publishing, which helps take care of the compromised npm token issue, by eliminating those tokens altogether. Unfortunately, the maintainers just hadn’t gotten around to enabling it yet, which is totally reasonable given it’s a new feature.
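The “previous release had an attestation, this one doesn’t” red flag can be checked on the consumer side today. This added example (mine, not npm’s or Nx’s code) walks a registry packument, orders versions by the registry’s own publish timestamps, and flags versions that lack `dist.attestations.provenance` after an earlier version carried it. The packument below is constructed; the package name, URLs and timestamps are made up.

```python
"""Flag npm versions published without a provenance attestation after an
earlier version of the same package had one (the 'red flag' check)."""
import json

# Constructed packument excerpt in the registry's shape: versions carry
# `dist.attestations` when published with provenance, and `time` records
# each version's publish timestamp. Package name and timestamps are made up.
SAMPLE_PACKUMENT = json.loads("""{
  "name": "example-build-tool",
  "time": {"1.0.0": "2025-01-10T00:00:00Z", "1.1.0": "2025-03-02T00:00:00Z",
           "1.2.0": "2025-08-26T00:00:00Z", "modified": "2025-08-26T00:00:00Z"},
  "versions": {
    "1.0.0": {"dist": {"tarball": "https://registry.example/x-1.0.0.tgz"}},
    "1.1.0": {"dist": {"tarball": "https://registry.example/x-1.1.0.tgz",
                       "attestations": {"url": "https://registry.example/attestations/x@1.1.0",
                                        "provenance": {"predicateType": "https://slsa.dev/provenance/v1"}}}},
    "1.2.0": {"dist": {"tarball": "https://registry.example/x-1.2.0.tgz"}}
  }
}""")


def versions_by_publish_time(packument: dict) -> list[str]:
    """Order versions by when the registry recorded their publication; that
    matters more than semver order when a token was abused to push a release."""
    versions = packument.get("versions", {})
    times = {v: t for v, t in packument.get("time", {}).items() if v in versions}
    return sorted(times, key=times.get)


def has_provenance(version_meta: dict) -> bool:
    """True when the version's dist metadata carries a provenance attestation."""
    attestations = version_meta.get("dist", {}).get("attestations") or {}
    return bool(attestations.get("provenance"))


def attestation_regressions(packument: dict) -> list[str]:
    """Versions published without provenance once an earlier version had it."""
    seen_provenance, flagged = False, []
    for version in versions_by_publish_time(packument):
        if has_provenance(packument["versions"][version]):
            seen_provenance = True
        elif seen_provenance:
            flagged.append(version)
    return flagged
```

Run it against `https://registry.npmjs.org/<package>` output before upgrading a dependency, and treat any flagged version as something to inspect rather than install.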
GitHub Releases now support immutability in public preview
🥳 My team has launched Immutable Releases in public preview, enabling repositories and organizations to lock assets and tags after publication, thereby safeguarding against supply chain tampering. This feature includes signed attestations in Sigstore bundle format for verifying asset integrity and authenticity via GitHub CLI commands.
Typosquatting the GitHub Container Registry
GitHub maintains a legitimate registry hosted at ghcr[.]io, however, as the community has recently discovered, someone is running a malicious service at ghrc[.]io. At first glance it doesn’t appear to be malicious, but as Brandon Mitchell points out, it is indeed listening for /v2/ API calls and responding with what is needed to trigger an OCI client to send credentials.
Note from Teemu, Tim, and Torin to the Open Policy Agent community
The creators of Open Policy Agent (OPA) and many Styra team members have joined Apple to continue developing OPA as an open-source solution for unified policy enforcement across cloud-native stacks, with Apple leveraging OPA for its global-scale cloud service authorization infrastructure.
Exploiting CodeRabbit: RCE and Write Access on 1M Repositories
A nasty bug in CodeRabbit’s Rubocop setup let attackers run arbitrary Ruby code that exfiltrated private keys which offered write access to over 1 million GitHub repos!
👋 CodeRabbit is the most installed AI app on GitHub & GitLab. They failed to sandbox a tool capable of executing arbitrary code, in an environment containing a private key used to generate access tokens to all onboarded repos. That is brutal. Reportedly, Rubocop was the only tool in CodeRabbit’s arsenal that was inadequately sandboxed.
PyPI: Preventing Domain Resurrection Attacks
PyPI now monitors domain expiration to block domain resurrection attacks, where attackers buy expired domains to hijack accounts via password resets. Since June 2025, more than 1,800 email addresses have been marked unverified because their associated domains expired.
GitHub Actions policy now supports blocking and SHA pinning actions
GitHub Actions now lets organizations define policies to allow specific actions, block others, and enforce SHA pinning, ensuring workflows use trusted, pinned commits to prevent supply chain attacks.
👋 There’s a lot of room for improvements in how we consume GitHub Actions, but this is a big step in the right direction!
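The org-level policy is the right place to enforce this, but the same two rules (allowlisted action owners, full-SHA pins) are easy to check locally in CI or pre-commit before a workflow ever reaches the policy. Added example, not GitHub’s policy engine: it scans `uses:` references in workflow text with a regex (no YAML parser needed), skips local paths and `docker://` images, and reports what the policy would reject. `ALLOWED_OWNERS` is a hypothetical allowlist and the 40-hex SHA in the sample workflow is a placeholder, not a real commit.

```python
"""Local audit mirroring the new Actions policy controls: is every `uses:`
reference pinned to a full commit SHA, and is its owner on the allowlist?"""
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Hypothetical org allowlist; the real one lives in the org's Actions policy.
ALLOWED_OWNERS = {"actions", "github"}

# Constructed workflow; the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4
      - uses: actions/setup-node@v4
      - uses: ./.github/actions/local-thing
      - name: lint
        uses: 'some-org/lint-action@main'
      - uses: docker://alpine:3.19
"""


def audit_uses(workflow_text: str) -> list[dict]:
    """One finding per remote action reference; local paths and docker://
    images have no git ref to pin and are skipped."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        action, _, version = ref.partition("@")
        owner = action.split("/", 1)[0]
        findings.append({
            "action": action,
            "ref": version,
            "pinned": bool(FULL_SHA_RE.match(version)),
            "allowed": owner in ALLOWED_OWNERS,
        })
    return findings


def policy_violations(workflow_text: str) -> list[str]:
    """Human-readable list of references the policy would reject."""
    out = []
    for f in audit_uses(workflow_text):
        if not f["allowed"]:
            out.append(f"{f['action']}@{f['ref']}: owner not allowlisted")
        elif not f["pinned"]:
            out.append(f"{f['action']}@{f['ref']}: not pinned to a full SHA")
    return out
```

A mutable tag such as `@v4` passes today and resolves to whatever the owner moves it to tomorrow, which is exactly what full-SHA pinning removes.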
Until Next Time! 👋
Hey, you made it to the bottom – thanks for sticking around!
Questions, ideas, or want to chat? Slide into my inbox! 💌
Don’t hesitate to forward if someone could benefit from this.
See you next Monday!
-Kyle
P.S. CramHacks has a Supporter tier! You can upgrade here to support CramHacks and its free weekly content 😃.