Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <62acad70-af9f-40a4-ad77-2cc425a8d390@oracle.com>
Date: Tue, 12 May 2026 14:55:38 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: [siren] [Security Advisory] Severity: CRITICAL -
 Malicious Compromise of OpenSearch Pre-Release npm Packages

While the below email only mentions OpenSearch, hundreds of packages across
NPM & PyPi were affected in the last two days, see:
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack

-------- Forwarded Message --------
Subject: [siren] [Security Advisory] Severity: CRITICAL - Malicious Compromise of OpenSearch Pre-Release npm Packages
Date: Tue, 12 May 2026 14:46:33 -0700
From: Christopher Robinson via lists.openssf-vuln.org <christopher.robinson=linuxfoundation.org@...ts.openssf-vuln.org>
Reply-To: siren@...ts.openssf-vuln.org, christopher.robinson@...uxfoundation.org
To: siren@...ts.openssf-vuln.org

Title: Malicious Compromise of OpenSearch Pre-Release npm Packages
Date: 12 May 2026
Severity: Critical

## Overview
On May 11, the [OpenSearch Project](https://opensearch.org/) Node Package Manager (npm) publishing infrastructure was compromised as part of a broader npm supply chain attack campaign.  While the incident was limited to the JavaScript client repository, compromised credentials were used to publish inauthentic OpenSearch prerelease artifacts containing malicious packages.

The malicious packages were identified and removed from the npm repository as of 11:00 p.m. EDT on May 11, 2026.  At this time, the impacted versions are limited to the following prerelease packages:
- 3.5.3
- 3.6.2
- 3.7.0
- 3.8.0. Anyone who downloaded or installed these versions within the described window should immediately follow the remediation guidance in this advisory.
As an additional precautionary measure, the project has blocked all write permissions on the project repositories until all credentials are rotated. We estimate this process will be complete on May 13, 2026.  Based on currently available evidence, the activity appears consistent with tactics associated with the broader “Mini Shari Halud” supply chain campaign targeting npm ecosystem projects and CI/CD publishing infrastructure.

## Affected Versions
### OpenSearch Project| Version | Published UTC | Published America/New_York |
|------|------------------------------|-------------------------------|
| 3.5.3 | 2026-05-12T00:47:39.185Z | May 11, 2026, 8:47:39 PM EDT |
| 3.6.2 | 2026-05-12T00:29:34.210Z | May 11, 2026, 8:29:34 PM EDT |
| 3.7.0 | 2026-05-12T00:42:29.686Z | May 11, 2026, 8:42:29 PM EDT |
| 3.8.0 | 2026-05-12T00:43:54.445Z | May 11, 2026, 8:43:54 PM EDT |

## RemediationAny computer that installed or executed these package versions:
0000 UTC 12 May 2026 / 8:30 PM EDT 11 May 2026
and
0300 UTC 12 May 2026 / 11:00 PM EDT 11 May 2026 should be treated as potentially fully compromised pending forensic investigation.  All secrets and keys stored on that computer should be rotated immediately from an alternate system.  The affected packages should immediately be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

## Immediate Recommended Actions
Because compromised publishing credentials were used to distribute malicious artifacts through legitimate package infrastructure, downstream consumers should treat these package versions as trusted-channel supply chain compromises rather than ordinary malicious downloads.
Organizations should review:
- CI/CD dependency caches
- Artifact repositories
- Build pipelines
- Developer workstations
- Container images
- Software bills of materials (SBOMs)
to identify whether affected versions were introduced into development or production environments.
Organizations and users should take the following actions immediately:
### 1. Isolate Potentially Affected Systems
Disconnect affected systems from the network
Prevent further communication with internal infrastructure and cloud services
Preserve logs and forensic artifacts where possible

### 2. Rotate Credentials and Secrets
Immediately rotate from a separate trusted system:
- Cloud credentialsCI/CD tokens
- npm authentication tokens
- GitHub/GitLab credentials
- SSH keys
- API keys
- Kubernetes secrets
- Signing keys and release credentials
Assume any credentials accessible from the compromised machine may have been exfiltrated.

### 3. Remove and Rebuild
- Remove the affected package versions immediately
- Rebuild systems from known-good sources where feasible
- Validate dependencies and lockfiles before redeployment
Because arbitrary code execution may have occurred, simply uninstalling the package may not fully remediate the compromise.

### 4. Review CI/CD and Repository Activity
Projects should immediately:
- Audit CI/CD workflows and automation credentials
- Review repository permissions and force-push access
- Inspect recent commits, tags, and release artifacts
- Review npm publication logs and maintainer activity
- Rotate signing and publishing credentials

### 5. Monitor for Secondary Compromise
Watch for:
- Unexpected outbound network connections
- New SSH authorized keys
- Unauthorized GitHub Actions workflow changes
- Suspicious npm publications
- Credential reuse attempts
- Persistence mechanisms or scheduled tasks

## Additional Recommendations for Maintainers
This incident highlights the growing trend of attackers targeting software supply chains through CI/CD systems and package publication workflows.

Projects are strongly encouraged to:
- Enforce least-privilege access to CI/CD systems
- Require MFA for package publishing
- Protect release branches and tags
- Eliminate unnecessary force-push permissions
- Use ephemeral build credentials where possible
- Monitor release pipelines for anomalous behavior
- Conduct regular audits of automation tokens and repository permissions
Projects aligned with the OpenSSF OSPS Baseline are materially better positioned to reduce the likelihood and impact of this class of attack through stronger controls around automation security, secrets management, code review, and release governance.

## References and Additional Information
- Snyk analysis of related npm ecosystem compromises [blog](https://snyk.io/blog/tanstack-npm-packages-compromised/) - OpenSSF [OSPS Baseline](https://baseline.openssf.org/)
- OWASP npm security [best practices](https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html)
- [GHSA](https://github.com/opensearch-project/opensearch-js/security/advisories/GHSA-27f5-xjrr-q9ff)

The investigation remains ongoing. Additional indicators of compromise (IOCs), forensic details, and remediation guidance may be published as more information becomes available.  Please share this advisory broadly with downstream consumers, CI/CD administrators, security teams, and affected development communities.


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#8): https://lists.openssf-vuln.org/g/siren/message/8
Mute This Topic: https://lists.openssf-vuln.org/mt/119288087/8539914
Group Owner: siren+owner@...ts.openssf-vuln.org
Unsubscribe: https://lists.openssf-vuln.org/g/siren/unsub [alan.coopersmith@...cle.com]
-=-=-=-=-=-=-=-=-=-=-=-

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.