Supply chain attacks target GitHub Actions, Gravity Forms, npm
Welcome to this week’s edition of Chainmail: Software Supply Chain Security News, which brings you the latest software security headlines, curated by the team at ReversingLabs (RL).
This week: New supply chain attacks have been spotted in GitHub Actions, Gravity Forms and npm. Also, what the White House’s new AI Action Plan means for software supply chain security.
This Week’s Lead Story
Supply chain attacks target GitHub Actions, Gravity Forms, npm
Researchers at Armis Labs have uncovered active exploitation campaigns targeting three widely used tools: GitHub Actions, the Gravity Forms WordPress plugin, and npm. These attacks, which span continuous integration/continuous delivery (CI/CD) processes, web applications, and developer dependencies, show the increasing sophistication of threat actors who now routinely exploit the trust developers place not only in commonly used components, but also in development infrastructure.
One of these malicious campaigns targeted GitHub Actions, the CI/CD feature in GitHub that lets developers run scripts to automate their workflows. Initially, the threat actor behind this campaign targeted a GitHub Action called reviewdog/action-setup@v1, replacing the version tag associated with it so that it pointed to the attackers’ malicious code. The attackers later obtained a personal access token that gave them write access to tj-actions/changed-files, which they used to compromise every version of it. These modified actions were used in more than 23,000 public GitHub repositories between November 2024 and March 2025, allowing attackers to stealthily extract environment variables, credentials, and tokens from CI workflows.
Similar tactics were observed elsewhere. Attackers obtained developer credentials and used them to poison UAParser.js, a widely used npm package downloaded more than 16 million times per week, so that it distributed malware to users. Meanwhile, in early July, attackers injected secret backdoor code into multiple versions of the Gravity Forms plugin.
In each of these malicious campaigns, adversaries leveraged some of the software supply chain’s most trusted tools to bypass traditional perimeter defenses. (Dark Reading)
This Week’s Headlines
What the AI Action Plan means for software security
Last week, the White House released an “AI Action Plan,” which incorporates language that addresses software supply chain security concerns specific to the AI threat landscape. The White House is calling on leading AI developers to proactively protect their innovations from insider threats, malicious actors, and cyberattacks — underscoring the importance of public-private collaboration in fortifying the foundations of AI systems. The new plan mandates that AI used in safety-critical and homeland security applications be Secure by Design and resilient, capable of detecting adversarial behavior such as data poisoning or model evasion attacks. (The White House)
Lazarus turns open-source into a weapon in espionage push
A new report from Sonatype exposes the continued efforts of the North Korea–backed Lazarus Group, which for the past several months has been embedding malware into legitimate-looking npm and PyPI packages, turning trusted open-source tools into covert espionage implants. Between January and July 2025, Sonatype blocked 234 unique malicious packages, affecting over 36,000 potential developer victims. Many of the packages leveraged typosquatting or combo-squatting to emulate popular libraries, and deployed multi-stage payloads including credential stealers, keyloggers, and persistent backdoors. Also concerning: More than 90 packages were purpose-built to exfiltrate secrets. (SiliconAngle)
OWASP releases GenAI Incident Response Guide
The Open Worldwide Application Security Project (OWASP) GenAI Incident Response Guide makes clear that AI-driven risks have exploded, with several of them impacting the security of software supply chains. With GenAI increasingly being combined with software pipelines and enterprise infrastructure, the guide identifies real-world exploits that utilize GenAI, and provides a layered diagnostic framework. Exploits include MathGPT’s code execution flaw, where attackers leveraged prompt injection to access environment variables and API keys. Similarly, the “Echoleak” exploit in Microsoft Copilot highlighted how prompt injection can become a zero-click threat vector, allowing attackers to exfiltrate sensitive data by embedding malicious inputs in seemingly harmless emails. (OWASP)
Survey surfaces multiple persistent DevSecOps challenges
A newly released survey of 250 senior IT and security leaders based in North America shows a troubling picture for DevSecOps maturity. According to the report, 62% of respondents admitted they sometimes knowingly release vulnerable code to hit delivery deadlines — a reminder of how speed continues to outrun security. But there’s some good news: In another survey of security leaders conducted by the Futurum Group, nearly all organizations said they’re prioritizing software supply chain security initiatives, with DevSecOps orchestration, SCA, DAST, and API security high on the list. That same survey also found that 30% reported plans to roll out SBOM pilots within the next two years. (DevOps.com)
The Best of RL
Blog | Black Hat 2025: 9 must-see talks
Another Hacker Summer Camp is almost here — and if you’re attending, you want to make the most of it. Here is a shortlist of talks. (Check Them Out)
ConversingLabs | Security Badging Open-Source Projects
Host Carolynn van Arsdale interviews Kadi (Grigg) McKean, Community Manager at RL, to discuss a new initiative aimed at securing the open-source software supply chain: the Spectra Assure Community Badge. (Watch Here)
Webinar | From Static Trust to Dynamic, Verified Trust
Tuesday, August 19 at 11am ET
In this webinar, we’ll explore how adding identity intelligence to your software supply chain provides deeper visibility and accountability, featuring Valdet Camaj, Co-Founder of Umbrella Security Operations, and Christian Bartels, ex-CISO and head of sales at Elimity. (Save Your Seat)
For more insights on software supply chain security, keep learning with the RL Blog.
Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance & Security | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer
It feels like each week we read about at least one case of a malicious WordPress Plugin.
ReversingLabs, thanks for sharing these events that I totally missed. The increase in the supply chain attacks is accelerating, and I am not sure how security teams can keep up to ingest and assess the impact in their environments (if there is someone tracking them).