Notes on CI runner security, eBPF, and EU sovereignty.

19 June 2026 · Thomas, Leitwacht

One dropper, 140+ packages: the Mastra npm compromise and the egress block that ends it

The @mastra npm organization was compromised: 140+ packages were republished with a single malicious dependency, easy-day-js@1.11.22, whose postinstall hook fetches a second stage from a hardcoded C2. You never installed the malicious package directly; you pulled it transitively through a package you trust. We detonated it and captured the exact C2 reach. Default-deny egress on the CI runner drops that connection before the second stage can download, regardless of how the code arrived or what it harvested.

8 June 2026 · Thomas, Leitwacht

Closing the attach race without NRI

A zero-capability init container as a synchronization barrier, plus an agent subscribed to containerd's events socket. Race-free egress enforcement without an NRI plugin's blast radius.

1 June 2026 · Thomas, Leitwacht

Valid provenance, malicious package: anatomy of the Red Hat npm compromise

Attackers re-published 31 packages across the @redhat-cloud-services npm scope at least four times in one afternoon, every version carrying valid, signed SLSA provenance. How they mint genuine provenance for malware, what the payload does (captured first-hand), and why behavioral detection catches each re-arm in seconds.

19 May 2026 · Thomas, Leitwacht

Mini Shai-Hulud, blocked: a live capture against the real payload

The Mini Shai-Hulud npm wave on 19 May 2026 published 637 malicious versions across 317 packages. We obtained the real payload (size-sensor@1.2.4, a roughly half-megabyte obfuscated Bun script) and ran it inside a Leitwacht-enforced container. Every exfil destination, primary (t[.]m-kosche[.]com, OTel-disguised) and fallback (api.github.com, PAT-authenticated dead-drop), was caught at the kernel before a byte left the runner.

1 January 1970 · Leitwacht

why-ci-runners-are-the-soft-target