SANS Stormcast Wednesday, May 20th, 2026: Assume Supply Chain Compromise; GitHub Action Compromise; - SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Summary4 min read

Episode Overview

Episode Title: SANS Stormcast: Assume Supply Chain Compromise; GitHub Action Compromise
Date: May 20, 2026
Host: Johannes B. Ullrich

In this episode, Johannes Ullrich focuses on the escalation of software supply chain compromises, recent incidents affecting both open source and proprietary projects, and the urgent need for updated assumptions and practical defenses among developers, particularly around secret management and CI/CD pipelines. He also highlights notable attacks involving GitHub Actions and credential theft via Azure's self-service password reset feature.

Key Discussion Points & Insights

1. Evolving Nature of Supply Chain Attacks

Overview of Recent Incidents:
- Discussion of a summary by Ken Hartman on the Team PCP campaign and other ongoing supply chain attacks.
- Notable reference to Checkmarx being compromised multiple times, indicating a broader trend beyond isolated events.
- "This sort of has reached a new quality. And Ken also points that out is with the Tanstack compromise." [01:05]
Supply Chain Verification Standards:
- The Tanstack compromise stands out as it was SLSA Level 3 verified.
- SLSA Level 3 means not just digital signatures, but that build systems are audited and verified, raising alarms when even these processes are breached.
- "It used to be that you could say, hey, you know, if software is really verified to that level, well, you should probably trust it. But ... you must assume compromise." [02:10]

2. "Assume Compromise"—A New Baseline for Developers

Shift in Mindset Urged:
- Extends the long-standing network security principle of "assume compromise" to the software development and supply chain context.
- "I think developers ... must assume a compromise just because of the sheer number of credentials having been leaked with campaigns like the Team PCP campaign recently." [02:35]
Beyond Open Source:
- Modern attacks impact both open-source and proprietary software ecosystems.
- "This is no longer just an open source problem." [03:05]

3. Secrets & Credential Management: The Next Security Battleground

Enterprise Credential/Secret Management is Challenging:
- Acknowledges organizational difficulties: "Things like inventory and such, they sound easy but they're definitely not easy. I'm not understating this here, but it is something you definitely have to focus." [03:30]
Critical Takeaways for Defenders:
- "Number one, assume compromise. Number two, protect your credentials, protect your secrets in particular if they're being used as some kind of CI CD pipeline because ... they're probably the most vulnerable." [04:15]
Action Items:
- Must quickly rotate credentials.
- Protect their usage within CI/CD and build processes.

4. Compromised GitHub Actions: A Real-World Example

Recent Attack Described:
- Malicious manipulation of the popular "issues helper" GitHub Action, as reported by Step Security.
- "What the attacker here did also is that they relabeled all the tags. So all the different tags for prior versions are now pointing to compromised versions ... that ... exfiltrate secrets again." [04:50]
Key Insight for Defenders:
- Pinning to a specific tag/version is no longer sufficient, as tags themselves were retargeted to malicious code.
- "Locking it in on a particular tag is not going to help you here." [05:05]

5. Credential Theft via Cloud Platforms

Recent Campaigns Target Cloud Infrastructure:
- Microsoft’s recent blog post details attackers abusing Azure's self-service password reset feature.
- Attacks begin with social engineering, aiming to trick victims into approving password changes.
- "If you have two factor authentication enabled, they'll be sending you some social engineering in order to get the victim to approve the change of passwords." [05:30]
Defense Recommendations:
- Promote user education to recognize and resist social engineering.
- Audit password reset requests for signs of malicious activity.
- "Auditing of password reset requests may help a little bit here." [05:53]

Notable Quotes & Memorable Moments

On the reality of supply chain compromises:
- "You must assume compromise." — Johannes Ullrich [02:10]
On verification procedures being insufficient:
- "It used to be that you could say, hey, you know, if software is really verified to that level, well, you should probably trust it. But I think ... you must assume compromise." [02:10]
On the challenges of credential management:
- "Things like inventory and such, they sound easy but they're definitely not easy." [03:30]
On GitHub Action attacks:
- "Locking it in on a particular tag is not going to help you here." [05:05]

Important Timestamps

00:05 — Host introduction, episode focus
01:05 — Ken Hartman’s summary and notable supply chain breaches (Tanstack, Checkmarx)
02:10 — Discussion of SLSA Level 3 and the need to assume compromise
02:35 — Extension of "assume compromise" to software development
03:05 — Emphasis that proprietary software is also at risk
03:30 — Challenges of credential and secret management
04:15 — Key takeaways: importance of credential protection in CI/CD
04:50 — Details on the compromised GitHub Action (issues helper, tag manipulation)
05:05 — Limitations of pinning tags for security
05:30 — Microsoft report on Azure password reset attacks
05:53 — Defense recommendations against credential theft

Actionable Insights

Adopt a posture of presumed compromise for both network and software supply chains.
Review and strengthen enterprise credential/secret management, especially in CI/CD and build environments.
Don't rely solely on tag pinning in GitHub Actions—regularly audit dependencies and monitor for suspicious tag activity.
Educate users and audit password/account recovery actions in cloud environments to mitigate social engineering and credential theft.

(This summary covers the full substance of this episode, excluding any non-content sections. All critical points, quotes, and insights are included to help professionals and interested listeners grasp the current landscape of supply chain and credential-related security threats.)

Loading summary

Transcript1 lines

[00:05]
A
Hello and welcome to the Wednesday, May 20, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida and this episode is brought to you by the Sans Edu Bachelor's degree program in Applied Cyber Security. Today's podcast if everything goes to plan, it's not that I'm sort of writing down everything, but I'm hoping to do something a little bit more focused because there are a coup really important things that I want to talk about and well, with that maybe spend a little bit less time on it, but we'll see how it goes. So really what it's all about is Ken Hartman put together a real good summary of what recently happened with the Team PCP and all of these supply chain campaigns. I mentioned some in podcasts over the last couple of weeks, for example, check marks getting compromised again couple of times. And with that also some of their products. I think this sort of has reached a new quality. And Ken also points that out is with the Tanstack compromise. Now Tanstack actually had SLSA level 3 verified components. So what this means is the software they produced was not only digitally signed, but also the systems being used to compile and basically run the build process were verified and were audited. So that's what SLSA Level 3 means. And well, it's sort of one of these software supply chain verification procedures. It used to be that you could say, hey, you know, if software is really verified to that level, well, you should probably trust it. But I think, and that's sort of really where my soapbox today a little bit starts is you must assume compromise. We're living sort of with that on the network security level for quite a while that we try to encrypt all of our data even on internal networks because we assume compromise that has been sort of introduced years ago. But I think developers and when it comes to software components, we also at this point must assume a compromise just because of the sheer number of credentials having been leaked with campaigns like the Team PCP campaign recently. And this wasn't just the only real campaign like this. We had, we had a number of different campaigns like this that stole credentials, stole GitHub access for a large number of open source projects. And even, you know, with that some more closed projects like checkmarks and such proprietary software is affected by this as well. This is no longer just an open source problem. It's I think also important to understand here when it comes to, well, with that, what are you going to do about it and I think one thing that's really, really important here is sort of that enterprise wide credential management or secret management, it's not easy. Like a lot of these things we talk about, things like inventory and such, they sound easy but they're definitely not easy. I'm not understating this here, but it is something you definitely have to focus. How are you managing your credentials? How are you able to quickly rotate them as needed? And also well, how are you protecting them as they're being used as part of your own supply chain and build processes? Definitely something where you have to look for solutions here. And that's I think sort of what I'm getting out of these recent supply chain issues. Number one, assume compromise. Number two, protect your credentials, protect your secrets in particular if they're being used as some kind of CI CD pipeline because I think that's where based on what we've seen currently, they're probably the most vulnerable. Just sticking with this here for one more topic and that's compromised GitHub actions. So the latest example here is as pointed out by Step Security, the issues helper action and that's a very popular action. And what the attacker here did also is that they relabeled all the tags. So all the different tags for prior versions are now pointing to compromised versions of this GitHub action that, well no surprise exfiltrate secrets again. So be aware. And yep, like locking it in on a particular tag is not going to help you here. Talking more about credential theft, Microsoft has a good blog post about some recent more advanced and targeted attacks that they have seen and they all start out with the attacker abusing the self service password reset feature in Azure. And if you have two factor authentication enabled, they'll be sending you some social engineering in order to get the victim to approve the change of passwords. So definitely user education may be an option here but but also some auditing of password reset requests may help a little bit here. And yes, then the goal of course is to gain access to the victim's cloud infrastructure and exfiltrate data. Well that's it for today, so thanks for listening, thanks for liking, thanks for subscribing and special thanks for anybody leaving good comments in particular sort of on your favorite podcast platform. And remember this podcast should be available via the standard podcast outlets, but also on YouTube if you enjoy a little bit more video version and also like on systems like Alexa, it should be available. Thanks and talk to you again tomorrow. Bye.