Skip to content

Let's Data ScienceLEARN • BUILD • STAY AHEAD

News
Blog
Code Problems
Pricing
Contact

© 2026 Let's Data Science

Advertise|Terms|Privacy||Image Rights

NewsUNC6426 Escalates NPM Supply Chain To AWS Administrator

Industry Newssupply chainci cdoidcgithub actions

UNC6426 Escalates NPM Supply Chain To AWS Administrator

|March 11, 2026

7.2

Relevance Score

UNC6426 Escalates NPM Supply Chain To AWS Administrator — Photo: blogger.googleusercontent.com · rights & takedowns

UNC6426 operators leveraged a malicious postinstall (QUIETVAULT) injected into the Nx NPM framework to harvest developer GitHub personal access tokens and exfiltrate them to a public repo, within days achieving full AWS administrator privileges. Attackers used stolen PATs to compromise GitHub organizations, abused OIDC federation via NORDSTREAM to mint STS credentials, and created an AdministratorAccess IAM role.

Scoring Rationale

Rapid, practical threat showing CI/CD-to-cloud escalation in under 72 hours, limited by single-source reporting and moderate novelty.

Newsletter·Weekly · Free

Weekly AI News

A 5-minute Monday brief on AI & data science. Curated, no fluff.

Email address

No spam. Privacy.

Practice interview problems based on real data

1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.

Try 250 free problems

More AI & Data Science News

Hedge Funds Reprice AI Trade Toward Execution

Hedge Funds Reprice AI Trade Toward Execution

Letter Argues AI Is a Classroom Research Tool

Letter Argues AI Is a Classroom Research Tool

SpaceX Files S-1 Revealing xAI Details

SpaceX Files S-1 Revealing xAI Details

Google triples Gemini usage limits for Antigravity twice

Google triples Gemini usage limits for Antigravity twice

Back to News Feed

News on Let's Data Science is compiled from multiple public sources with editorial oversight. See our Editorial Standards and Corrections Policy.