docs: add 2025 software supply chain compromises to catalog

Signed-off-by: Yannis Folias <[email protected]>

Author: yfolias

community/catalog/compromises/2003/gentoo-rsync.md

@@ -16,4 +16,4 @@ responsible for serving package sources to users.
 
 ## References
 
-- https://archives.gentoo.org/gentoo-announce/message/7b0581416ddd91522c14513cb789f17a
+- [Gentoo Linux server compromised](https://www.zdnet.com/article/gentoo-linux-server-compromised/)

community/catalog/compromises/2025/changed-files.md

@@ -0,0 +1,36 @@
+<!-- cSpell:ignore exfiltrated GHSA mrrh -->
+
+# tj-actions/changed-files GitHub Action Compromise
+
+In March 2025, attackers compromised the popular GitHub Action
+`tj-actions/changed-files`, used by over 20,000 repositories to detect file
+changes in pull requests.
+
+The threat actor compromised a maintainer's credentials to manipulate Git tags,
+redirecting trusted version references to a malicious commit that executed code
+during CI/CD workflows.
+
+The injected code captured environment variables and exfiltrated secrets such as
+GitHub tokens and API credentials to an external server. This compromise
+propagated silently through automated pipelines, as many users relied on mutable
+version tags (e.g., v35, v36) instead of immutable commit SHAs, meaning their
+workflows automatically pulled and executed the malicious code.
+
+## Impact
+
+This compromise had multiple implications across the GitHub Actions ecosystem
+as thousands of repositories were possibly exposed through automate workflows,
+any CI/CD runner secrets, repository tokens or organization credentials were
+potentially at risk, and overall demonstrated how a single third-party action
+could become a high-impact attack vector within trusted build automation
+pipelines.
+
+## Type of Compromise
+
+This is an _Attack Chaining_ type of attack as the attacker combined multiple
+weak links in the software delivery process.
+
+## References
+
+- [GitHub Advisory Database - GHSA-mrrh-fwg8-r2c3](https://github.com/advisories/GHSA-mrrh-fwg8-r2c3/)
+- [Wiz.io – GitHub Action tj-actions/changed-files Supply Chain Attack (CVE-2025-30066)](https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066)

community/catalog/compromises/2025/ghost-action.md

@@ -0,0 +1,30 @@
+# The GhostAction Github Workflow Injection
+
+In September 2025, GitGuardian discovered GhostAction campaign, a large-scale
+supply chain campaign in which attackers compromised 327 GitHub user accounts
+and injected malicious workflows into 817 repositories, stealing a total of 3,325
+secrets. The malicious workflows, often titled "Github Actions Security",
+were engineered to enumerate known secret names from legitimate workflow files
+(e.g. PyPI tokens, npm tokens, DockerHub, AWS keys) and exfiltrate them via HTTP
+POST to attacker-controlled endpoints.
+
+## Impact
+
+The GhostAction campaign compromised the trust and integrity of GitHub's
+publishing pipelines, exposing sensitive credentials from hundreds of
+open-source projects. The stolen secrets, including registry tokens and cloud
+provider keys, could enable attackers to publish malicious packages, access
+private infrastructure, or escalate to broader supply chain compromises across
+ecosystems like npm, PyPI, and DockerHub. This incident highlights how
+manipulating CI/CD workflows can undermine the integrity of the entire
+open-source distribution chain.
+
+## Type of Compromise
+
+This compromise falls under _Publishing Infrastructure_ category as the
+attackers were able to compromise the underlying automation layer used to build
+and publish software.
+
+## References
+
+- [The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows](https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/)

community/catalog/compromises/2025/npm-ecosystem.md

@@ -0,0 +1,35 @@
+<!-- cSpell:ignore Shai Hulud Shai hulud -->
+
+# Widespread npm Ecosystem Supply Chain Attack
+
+The Widespread npm Supply Chain Attack, which began around September 8, 2025,
+was a multi-phased incident. The initial phase involved a phishing campaign that
+compromised maintainer accounts, leading to the injection of a
+cryptocurrency-stealing payload into dozens of popular packages (like chalk and
+debug). This was quickly followed by the discovery of the "Shai-Hulud" worm
+campaign, which used a self-propagating credential-stealing malware to
+compromise over 500 npm packages.
+
+## Impact
+
+This compromise affected hundreds of packages and potentially thousands of
+downstream applications that automatically pulled the malicious versions. The
+injected payloads allowed for credential theft, unauthorized command execution,
+and persistent access in CI/CD environments. The incident exposed the fragility
+of transitive dependency trust and underscored the urgency of enforcing 2FA for
+maintainers, signed package publishing, and dependency integrity verification
+across the npm ecosystem.
+
+## Type of Compromise
+
+The npm ecosystem is a _Malicious Maintainer_ type of attack as the attackers
+managed to gain control of npm maintainer accounts and used their privileges to
+push malicious versions of legitimate packages.
+
+## References
+
+- [Breakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly Downloads at Risk](https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/)
+- [Ongoing Supply Chain Attack Involving npm Packages](https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-093)
+- [Shai-hulud supply chain attack spreads token-stealing malware on npm](https://www.reversinglabs.com/blog/shai-hulud-worm-npm)
+- [npm Chalk and Debug Packages Hit in Software Supply Chain Attack](https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack)
+- [Another npm Supply Chain Attack: The 'is' Package Compromise](https://www.stepsecurity.io/blog/another-npm-supply-chain-attack-the-is-package-compromise)

community/catalog/compromises/2025/nx-platform.md

@@ -0,0 +1,35 @@
+<!-- cSpell:ignore ngularity exfiltrated -->
+
+# The Nx s1ngularity Attack Leading to Credentials Leak
+
+On August 26, 2025, attackers released malicious versions of the nx and @nx/*
+npm packages (versions 20.9.0 through 21.8.0). The trojanized packages contained
+credential-harvesting malware that scanned each developer system for sensitive
+artifacts: GitHub tokens, npm keys, SSH private keys, environment variables,
+cryptocurrency wallet files, and AI tool configurations. The malware exfiltrated
+stolen credentials via double Base64 encoding and published them to over 1,400
+public GitHub repositories, each named in a "s1ngularity-repository-*" pattern
+with a single `results.b64` file containing encoded data.
+
+## Impact
+
+The Nx s1ngularity attack had an extensive impact across the open-source and
+enterprise ecosystem. In total, over 20,000 files were exfiltrated, affecting
+more than 1,700 users worldwide. The attackers leveraged stolen credentials to
+make at least 6,700 private GitHub repositories public, exposing sensitive
+source code, proprietary configurations, and credentials — some belonging to
+major organizations and high-profile projects. This extensive exposure
+underscored the cascading risk of software supply chain compromises, where a
+single poisoned package can rapidly undermine trust and security across
+thousands of interconnected development environments.
+
+## Type of Compromise
+
+This is an _Attack Chaining_ type of attack as it required multiple levels of
+compromise.
+
+## References
+
+- [Serious NX build compromise - what you need to know about the s1ngularity attack](https://www.kaspersky.com/blog/nx-build-s1ngularity-supply-chain-attack/54223/)
+- [The Nx "s1ngularity" Attack: Inside the Credential Leak](https://blog.gitguardian.com/the-nx-s1ngularity-attack-inside-the-credential-leak/)
+- [s1ngularity Nx Supply Chain Attack: AI-Driven Credential Theft & Mass Exposure](https://hivepro.com/threat-advisory/s1ngularity-nx-supply-chain-attack-ai-driven-credential-theft-mass-exposure/)

community/catalog/compromises/2025/oracle-cloud.md

@@ -0,0 +1,43 @@
+<!-- cSpell:ignore Exfiltrated exfiltrated -->
+
+# Oracle Cloud SSO and Identity Infrastructure Compromise
+
+The Oracle Cloud data breach, publicly disclosed around March 21, 2025, involved
+a large-scale compromise of authentication and identity management systems. A
+threat actor operating under the alias "rose87168" announced on the black-hat
+forum BreachForums that they had exfiltrated a significant number of records
+from Oracle Cloud's federated Single Sign-On (SSO) login servers and Lightweight
+Directory Access Protocol (LDAP) systems.
+
+The attacker claimed the initial infiltration occurred around mid-February 2025,
+possibly exploiting a vulnerability in an older, unpatched component of the
+infrastructure, such as Oracle Fusion Middleware 11G or a critical flaw in
+Oracle Access Manager (potentially related to CVE-2021-35587). The compromise is
+generally believed to have affected legacy Gen 1 servers and not the primary
+Oracle Cloud Infrastructure (OCI) Gen 2 environment.
+
+## Impact
+
+The impact was focused on the mass compromise of critical authentication data,
+significantly increasing security risks for numerous organizations. The 6
+million records stolen included sensitive credentials such as encrypted
+SSO/LDAP passwords, key files, and authentication tokens. This exposure created
+a high risk of unauthorized account takeover, corporate espionage, and lateral
+movement within affected customers' environments, particularly if the encrypted
+credentials could be cracked. Furthermore, the threat actor sought to monetize
+the breach through extortion, demanding fees from companies to remove their data
+from the leak. The incident led to CISA guidance on credential risk mitigation
+and resulted in class action lawsuits against Oracle for alleged failure to
+implement standard data security practices and timely disclosure.
+
+## Type of Compromise
+
+Even though this was not related to a software package, this is considered to be
+a _Publishing Infrastructure_ type of compromise as it originated from
+vulnerabilities within Oracle’s identity and authentication infrastructure, a
+critical part of its service publishing and access layer.
+
+## References
+
+- [CloudSEK – The Biggest Supply Chain Hack of 2025: 6M Records Exfiltrated from Oracle Cloud](https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants)
+- [CVE-2021-35587 – Oracle Access Manager Remote Code Execution Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2021-35587)

community/catalog/compromises/2025/rh-gitlab-instance.md

@@ -0,0 +1,34 @@
+<!-- cSpell:ignore exfiltrated -->
+
+# Red Hat Consulting GitLab Instance Breach
+
+In October 2025, Red Hat confirmed a security breach affecting a self-hosted
+GitLab instance used internally by its Consulting division. The threat actor
+group calling themselves Crimson Collective claimed responsibility, asserting
+they had exfiltrated approximately 570 GB of compressed data from 28,000 private
+repositories, including around 800 Customer Engagement Reports (CERs). These
+CERs often contain sensitive customer architecture diagrams, configuration files,
+authentication tokens, and infrastructure details.
+
+## Impact
+
+Attackers claim to have accessed a significant volume of sensitive consulting
+and customer data.Stolen CERs may reveal network topologies, access credentials,
+and deployment configurations for major enterprise clients. That kind of
+information could be leveraged for secondary intrusions or social engineering.
+While Red Hat has not confirmed any misuse of the stolen data, the incident
+highlights the inherent risk of third-party data exposure within vendor
+ecosystems. Red Hat emphasized that no personal data or software supply chain
+assets have been confirmed compromised at this stage.
+
+## Type of Compromise
+
+This is a _Publishing Infrastructure_ type of compromise as the compromise
+occurred within Red Hat’s internal GitLab environment, which is part of its
+development and collaboration infrastructure.
+
+## References
+
+- [Security update: Incident related to Red Hat Consulting GitLab instance](https://www.redhat.com/en/blog/security-update-incident-related-red-hat-consulting-gitlab-instance)
+- [Red Hat confirms security incident after hackers breach GitLab instance](https://www.bleepingcomputer.com/news/security/red-hat-confirms-security-incident-after-hackers-breach-gitlab-instance)
+- [Red Hat GitLab Data Breach: The Crimson Collective's Attack](https://blog.gitguardian.com/red-hat-gitlab-breach-the-crimson-collectives-attack/)

community/catalog/compromises/README.md

@@ -8,7 +8,7 @@ The goal is not to catalog every known supply chain attack, but rather to captur
 many examples of different kinds of attack, so that we can better understand the
 patterns and develop best practices and tools.
 
-For definitions of each compromise type, please check out our [compromise definitions page](community/catalog/compromises/compromise-definitions.md)
+For definitions of each compromise type, please check out our [compromise definitions page](compromise-definitions.md)
 
 We welcome additions to this catalog by [filing an
 issue](https://github.com/cncf/tag-security/issues/new/choose) or [github pull
@@ -29,6 +29,12 @@ of compromise needs added, please include that as well.
 <!-- cSpell:disable -->
 | Name              | Year               | Type of compromise    | Link        |
 | ----------------- | ------------------ | ------------------    | ----------- |
+| [Oracle Cloud SSO and Identity Infrastructure Compromise](2025/oracle-cloud.md) | 2025 | Publishing Infrastructure | [1](https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants) |
+| [Widespread npm Ecosystem Supply Chain Attack](2025/npm-ecosystem.md) | 2025 |  Malicious Maintainer | [1](https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/) |
+| [Red Hat Consulting GitLab Instance Breach](2025/rh-gitlab-instance.md) | 2025 | Publishing Infrastructure | [1](https://www.redhat.com/en/blog/security-update-incident-related-red-hat-consulting-gitlab-instance) |
+| [The Nx s1ngularity Attack Leading to Credentials Leak](2025/nx-platform.md) | 2025 | Attack Chaining | [1](https://www.kaspersky.com/blog/nx-build-s1ngularity-supply-chain-attack/54223/) |
+| [The GhostAction Github Workflow Injection](2025/ghost-action.md) | 2025 | Publishing Infrastructure | [1](https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/) |
+| [tj-actions/changed-files GitHub Action Compromise](2025/changed-files.md) | 2025 | Attack Chaining | [1](https://github.com/advisories/GHSA-mrrh-fwg8-r2c3/) |
 | [Solana Web3.js Code Injection](2024/solana_web3js.md) | 2024 | Social Engineering/Phishing Attack | [1](https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads) [2](https://x.com/0xMert_/status/1864069157257613719) |
 | [Polyfill.io Infrastructure Takeover Leading to Malware Distribution](2024/polyfill.md) | 2024 | Publishing Infrastructure | [1](https://sansec.io/research/polyfill-supply-chain-attack) |
 | [Malware Disguised as Installer used to target Korean Public Institution](2024/targeted-signed-endoor.md) | 2024 | Trust and Signing | [1](https://asec.ahnlab.com/en/63396/) |
@@ -68,7 +74,7 @@ of compromise needs added, please include that as well.
 | [NPM reverse shells and data mining](2020/nodejs.md) | 2020 | Dev Tooling | [1](https://www.bleepingcomputer.com/news/security/npm-nukes-nodejs-malware-opening-windows-linux-reverse-shells/) |
 | [Binaries of the CLI for `monero` compromised](2019/monero.md) | 2019 | Publishing Infrastructure | [1](https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html), [2](https://github.com/monero-project/monero/issues/6151), [3](https://web.archive.org/web/20230630012925/https://old.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/) |
 | [Webmin backdoor](2019/webmin-backdoor.md) | 2019 | Dev Tooling | [1](https://www.zdnet.com/article/backdoor-found-in-webmin-a-popular-web-based-utility-for-managing-unix-servers/), [2](http://www.webmin.com/exploit.html) |
-| [purescript-npm](2019/purescript-npm.md) | 2019 | Source Code | [1](https://www.npmjs.com/advisories/1082) and [2](https://www.npmjs.com/advisories/1082) |
+| [purescript-npm](2019/purescript-npm.md) | 2019 | Source Code | [1](https://github.com/advisories/GHSA-jxf5-7x3j-8j9m) |
 | [electron-native-notify](2019/electron-native-notify.md) | 2019 | Source Code | [1](https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm), [2](https://komodoplatform.com/update-agama-vulnerability/)|
 | [PyPI typosquatting](2019/pypi.md) | 2019 | Negligence | [1](https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories) |
 | [ROS build farm compromise](2019/ros.md) | 2019 | Trust and Signing <br>Publishing Infrastructure</br> | [1](https://discourse.ros.org/t/security-issue-on-ros-build-farm/9342/8), [2](https://discourse.ros.org/t/new-gpg-keys-deployed-for-packages-ros-org/9454) |
@@ -87,8 +93,8 @@ of compromise needs added, please include that as well.
 | [HandBrake](2017/handbrake.md) | 2017 | Publishing Infrastructure | [1](https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/05/handbrake-hacked-to-drop-new-variant-of-proton-malware/) |
 | [Kingslayer](2017/kingslayer.md) | 2017 | Publishing Infrastructure | [1](https://comsecglobal.com/kingslayer-a-supply-chain-attack/) |
 | [HackTask](2017/hacktask.md) | 2017 | Negligence | [1](https://securityintelligence.com/news/typosquatting-attack-puts-developers-at-risk-from-infected-javascript-packages/) |
-| [NotPetya](2017/notpetya.md) | 2017 | Attack Chaining | [1](https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/) |
-| [Bitcoin Gold](2017/bitcoingold.md) | 2017 | Source Code | [1](https://bitcoingold.org/critical-warning-nov-26/) |
+| [NotPetya](2017/notpetya.md) | 2017 | Attack Chaining | [1](https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/) |
+| [Bitcoin Gold](2017/bitcoingold.md) | 2017 | Source Code | [1](https://www.investopedia.com/news/bitcoin-gold-hack-shows-51-attack-real/) |
 | [ExpensiveWall](2017/expensivewall.md) | 2017 | Dev Tooling | [1](https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/), [2](https://research.checkpoint.com/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/) |
 | [OSX Elmedia player](2017/elmedia.md) | 2017 | Publishing infrastructure | [1](https://www.hackread.com/hackers-infect-mac-users-proton-malware-using-elmedia-player/) |
 | [GitHub password recovery issues](2016/gh-unicode.md) | 2016 | Dev Tool <br> Source Code </br> | [1](https://bounty.github.com/researchers/jagracey.html), [2](https://dev.to/jagracey/hacking-github-s-auth-with-unicode-s-turkish-dotless-i-460n) |
@@ -110,6 +116,6 @@ of compromise needs added, please include that as well.
 | [WordPress backdoor](2007/wordpress.md) | 2007 | Source Code <br> Publishing Infrastructure </br> | [1](https://lwn.net/Articles/224997/) |
 | [SquirrelMail backdoor](2007/squirrelmail.md) | 2007 | Source Code <br> Publishing Infrastructure | [1](https://lwn.net/Articles/262688/) |
 | [Linux Kernel CVS Repository Hack](2003/kernel-repository.md) | 2003 | Source Code <br> Dev Tooling | [1](https://lwn.net/Articles/57135/) |
-| [gentoo rsync compromise](2003/gentoo-rsync.md) | 2003 | Publishing Infrastructure | [1](https://archives.gentoo.org/gentoo-announce/message/7b0581416ddd91522c14513cb789f17a) |
+| [gentoo rsync compromise](2003/gentoo-rsync.md) | 2003 | Publishing Infrastructure | [1](https://www.zdnet.com/article/gentoo-linux-server-compromised/) |
 | [Debian infra compromise](2003/debian.md) | 2003 | Publishing infrastructure | [1](https://www.debian.org/News/2003/20031202) |
 | [Unix Support Group login backdoor](1975/login-bell.md) | 1975 | Dev Tooling | [1](https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/) |