Corgea

A malicious 18.95.0 release of the Nx Console VS Code extension executed a hidden npx task on workspace activation, fetched an obfuscated Bun payload from a dangling nrwl/nx commit, harvested developer and cloud credentials, and installed macOS persistence.

WebdriverIO BrowserStack Service versions through 9.23.2 interpolate attacker-controlled Git branch names into execSync() calls during test orchestration smart selection, allowing command injection on CI runners and developer machines.

Corgea's weekly briefing for 12-19 May 2026 covers the durabletask PyPI compromise, the Mini Shai-Hulud expansion into AntV and related npm packages, the Nx Console extension compromise, WebdriverIO command injection, and other important supply-chain, kernel, and application-security research from the week.

Three malicious PyPI releases of Microsoft's durabletask Python SDK, versions 1.4.1 through 1.4.3, executed an import-time Linux dropper that fetched rope.pyz, harvested cloud and developer secrets, and attempted lateral movement through AWS SSM and Kubernetes.

TeamPCP's Mini Shai-Hulud campaign expanded on May 19 with hundreds of malicious npm releases across the AntV data-visualization ecosystem and related packages including echarts-for-react, timeago.js, size-sensor, and jest-canvas-mock.

Five Strapi advisories published in mid-May affect npm packages across the Strapi CMS stack, including a critical unauthenticated admin reset-token oracle in @strapi/strapi and a critical Content-Type Builder SQL injection in @strapi/content-type-builder and @strapi/plugin-content-type-builder.

Cemu v2.6 Linux GitHub release assets were deleted and re-uploaded with a Python zipapp payload tied to the TanStack and Mistral TeamPCP supply-chain campaign, exposing users who ran the AppImage or Ubuntu ZIP to credential theft and possible destructive behavior.

Three npm releases of node-ipc, versions 9.1.6, 9.2.3, and 12.0.1, were published with an obfuscated CommonJS payload that steals developer and CI credentials and exfiltrates gzipped archives through DNS TXT queries.

CVE-2026-46300, nicknamed Fragnesia, is a new Linux kernel XFRM ESP-in-TCP local privilege escalation that lets unprivileged local attackers corrupt read-only file contents in page cache and execute a root shell from a patched-in-memory system binary.

GemStuffer is a RubyGems registry-abuse campaign that published 155 junk package artifacts containing scraped UK council portal data, using hardcoded RubyGems API keys and valid .gem archives as a public data drop.

This week's Corgea changelog highlights Harness Code integration, sharper secret scanning, and stronger endpoint discovery in the scanning engine.