What Happened
An attacker compromised the AsyncAPI GitHub organization on July 14-15, 2026, by exploiting a pull_request_target misconfiguration in the generator repository’s GitHub Actions workflow. The pull_request_target workflow type runs in the context of the base repository with full access to repository secrets. The attacker submitted a pull request designed to trigger the workflow and execute attacker-controlled code within the privileged runner context. The stolen personal access token gave the attacker npm publishing rights to the @asyncapi namespace. The attacker published five malicious versions across four packages: @asyncapi/generator, @asyncapi/generator-helpers, @asyncapi/generator-components, and a fourth package in the same namespace.
Unlike many supply chain attacks, the malicious payload executes on import — not on install — meaning any application importing an affected package triggers the payload on startup. The payload is multi-stage: it establishes persistence, then collects browser-saved passwords and cookies from Chrome, Brave, Firefox, and Edge; SSH keys; npm tokens; GitHub tokens; AWS credentials; macOS Keychain contents; and cryptocurrency wallet files. Combined weekly downloads for the affected packages exceed 2 million. Researchers from Chainguard, OX Security, StepSecurity, and Datadog Security Labs each published advisories. A fix for the misconfigured GitHub Actions workflow had been proposed in a pull request in May 2026 and was never merged before the attack.
Why This Matters for Canadian Organizations
AsyncAPI is a widely used standard for defining event-driven and message-driven API contracts. Canadian development teams at banks, telecoms, insurers, government digital services providers, and cloud-native firms use AsyncAPI packages in their CI/CD pipelines. A build pipeline importing an affected @asyncapi package between July 14 and July 15, 2026 exposed every secret the CI runner accessed — AWS IAM credentials, GitHub repository tokens with write access to production code, Kubernetes kubeconfig files, and cloud service API keys. Attacker access to those tokens enables code injection into production pipelines, lateral movement into cloud environments, and downstream customer data exposure.
Under OSFI B-13, federally regulated financial institutions must demonstrate robust software supply chain security controls. A credential compromise originating from a build-time npm import creates exactly the class of exposure B-13 requires organizations to prevent and detect. If production code repositories or cloud environments were accessed using stolen tokens, PIPEDA breach notification obligations activate. This incident also illustrates a systemic risk: the fix for the vulnerable GitHub Actions workflow was identified and proposed months before the attack and sat unreviewed. Organizations should treat open pull requests on security-relevant CI/CD workflow files as active vulnerability disclosures.
What to Do
Audit your npm dependency lockfiles for @asyncapi packages and verify version hashes against known-good checksums published in advisories from Chainguard, OX Security, and StepSecurity. Rotate all credentials present in CI/CD environments where affected packages ran between July 14 and July 16. Audit your GitHub Actions workflows for pull_request_target configurations where untrusted pull request code executes inside a privileged workflow context. Apply least-privilege principles to all CI/CD tokens — scope each token to only the permissions required for its specific pipeline step. Review open pull requests touching security-sensitive workflow configurations across your GitHub organization and establish a review SLA for any PR modifying Actions files with access to secrets.
Source: The Hacker News






