#Backstage GitHub Actions Workflow Runs Impacted by Shai-Hulud Supply Chain Attack


tight wing

Between November 23-24, 2025, nine GitHub Actions workflow runs in the backstage/backstage repository executed compromised npm packages as part of the "Shai-Hulud" supply chain attack campaign.

The Backstage repository uses StepSecurity Harden Runner, an EDR (Endpoint Detection & Response) solution for GitHub Actions runners. Through Harden Runner's network monitoring capabilities, we detected malicious outbound network calls from the affected workflow runs, indicating that the malware payload executed successfully and likely exfiltrated credentials.

I am Varun Sharma, CEO of StepSecurity. Just wanted to give a heads-up about this so you can investigate. We have created a report on HackerOne as per the responsible disclosure info in the Backstage repo, but are not getting traction there, so sending it here.

The following sample workflow run in backstage/backstage executed during the attack window and shows indicators of compromise:
• Run 19625457065
  Insights: https://app.stepsecurity.io/github/backstage/backstage/actions/runs/19625457065
  GitHub: https://github.com/backstage/backstage/actions/runs/19625457065

The Harden Runner insights for these workflow runs show outbound network connections to bun.sh, oss.trufflehog.org, and api.github.com (from the Runner.Listener process).

Forks of Backstage (including private enterprise forks) that ran similar workflows during the attack window may also be compromised.

Full technical analysis of the Shai-Hulud attack: https://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromised

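For readers triaging their own runs, here is a defender-side illustration of the kind of egress check described in the post: compare each outbound connection a CI job made against the destinations that job is expected to reach, and report everything else together with the process that made it. This is an added example, not code from the post, StepSecurity, Harden Runner or Backstage. The log format, the process names and the allowlist are constructed for the demo; the only values taken from the post are the hostnames bun.sh and oss.trufflehog.org.

```python
"""Detect unexpected egress from a CI job's network log.

Added example (not code from StepSecurity, Harden Runner or Backstage).
The log format, process names and allowlist are constructed for the demo;
bun.sh and oss.trufflehog.org are the hostnames named in the post above.
"""
from dataclasses import dataclass
import re

# Constructed egress records: "<process> -> <host>:<port>", one per line.
SAMPLE_EGRESS_LOG = """\
Runner.Listener -> api.github.com:443
node -> registry.npmjs.org:443
node -> registry.yarnpkg.com:443
node -> bun.sh:443
bun -> oss.trufflehog.org:443
"""

# Hostnames a build job of this (hypothetical) shape is expected to reach.
# Assumed for the example; a real repository derives its own list from
# known-good runs.
EXPECTED_DESTINATIONS = frozenset({
    "api.github.com",
    "github.com",
    "registry.npmjs.org",
    "registry.yarnpkg.com",
})

_LINE_RE = re.compile(
    r"^(?P<process>\S+) -> (?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$"
)


@dataclass(frozen=True)
class Connection:
    process: str
    host: str
    port: int


def parse_egress_log(text: str) -> list[Connection]:
    """Parse the constructed log format. Malformed lines raise ValueError
    instead of being dropped, so a truncated or tampered log is noticed."""
    connections = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        match = _LINE_RE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: unrecognised egress record: {line!r}")
        connections.append(Connection(
            process=match["process"],
            host=match["host"].lower().rstrip("."),
            port=int(match["port"]),
        ))
    return connections


def host_is_expected(host: str, allowlist=EXPECTED_DESTINATIONS) -> bool:
    """True for an exact match or a subdomain of an allowlisted name.
    Suffix matching is done on label boundaries, so 'evilgithub.com'
    does not match 'github.com'."""
    return any(host == allowed or host.endswith("." + allowed)
               for allowed in allowlist)


def find_unexpected_egress(text: str,
                           allowlist=EXPECTED_DESTINATIONS) -> list[Connection]:
    """Return every connection whose destination is not allowlisted, in log
    order, so a reviewer sees which process made each call."""
    return [c for c in parse_egress_log(text)
            if not host_is_expected(c.host, allowlist)]


def destinations_by_process(connections) -> dict[str, set[str]]:
    """Group destination hosts by originating process for triage."""
    grouped: dict[str, set[str]] = {}
    for c in connections:
        grouped.setdefault(c.process, set()).add(c.host)
    return grouped


if __name__ == "__main__":
    for f in find_unexpected_egress(SAMPLE_EGRESS_LOG):
        print(f"UNEXPECTED {f.process} -> {f.host}:{f.port}")
```

With the constructed log the script reports the two connections to bun.sh and oss.trufflehog.org and stays silent about the registry and GitHub API traffic. The useful part for a forked repository is the per-process grouping: an install step reaching a package registry is routine, while a build tool opening connections to hosts that never appear in known-good runs is exactly what merits a credential rotation review.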

sullen jolt

Hi! Having a look.