Supply chain attacks are not new. What is new is watching a single malware family — Miasma — jump from npm packages to Go modules to GitHub Actions workflows in a matter of weeks. When the blast radius crosses language ecosystems and infects the CI/CD pipeline itself, the traditional response of “audit your dependencies” is necessary but no longer sufficient. Today’s brief also covers the first-ever wild exploitation of PTC Windchill, a fresh espionage cluster operating across Southeast Asia, and macOS malware that weaponizes prompt injection against the analyst’s own AI tools.

In the News

Miasma Supply Chain Malware Expands from npm to Go and GitHub Actions

The Mini Shai-Hulud/Miasma malware family has escalated from a single-ecosystem nuisance to a multi-platform supply chain threat. Originally documented in poisoned npm packages, Miasma has now been identified in Go modules and GitHub Actions workflows, executing malicious code during build pipelines rather than at application runtime. The mechanism is straightforward and effective: compromised packages run install scripts or post-build hooks that exfiltrate environment variables, CI/CD secrets, and cloud credentials before a single line of the developer’s application code executes.

This matters because the attack surface is the pipeline, not the application. A developer who never imports the poisoned package directly can still be compromised if a transitive dependency pulls it in, or if a GitHub Actions workflow references a compromised action. The trust model that underpins open source — developers assume packages do what they claim — is the exact model Miasma exploits.

The cross-ecosystem jump is the significant escalation. npm and Go have fundamentally different package management architectures, dependency resolution mechanisms, and community review processes. Miasma’s operators have adapted their payloads to each, indicating a deliberate and resourced campaign rather than opportunistic poisoning. Organizations building software on any of these platforms need software composition analysis that covers not just application dependencies but CI/CD workflow definitions and action references.

What defenders should do: Audit GitHub Actions workflows for references to third-party actions that are not pinned to specific commit SHAs. Implement SBOM generation and dependency auditing at the pipeline level, not just at build output. Monitor CI runner environments for unexpected outbound connections during build execution. MITRE ATT&CK: T1195.002 — Supply Chain Compromise: Compromise Software Supply Chain.

CL-STA-1062 Espionage Cluster Deploys TinyRCT Backdoor Across Southeast Asia

Palo Alto Unit 42 published details on CL-STA-1062, a previously untracked espionage cluster targeting government and critical infrastructure entities across Southeast Asia. The group deploys a custom backdoor called TinyRCT — a lightweight remote control trojan designed for long-term, low-noise persistence. The toolkit is hybrid: bespoke implants sit alongside living-off-the-land binaries (LOLBins), making attribution and detection more difficult.

TinyRCT is purpose-built for data exfiltration with a small footprint. The backdoor communicates over encrypted channels using irregular beaconing intervals — a pattern specifically designed to evade time-based anomaly detection. CL-STA-1062’s targeting of government entities and critical infrastructure in APAC places this squarely in the state-sponsored espionage category, though Unit 42 has not published a formal nation-state attribution.

For organizations with operations, supply chains, or government contracts in Southeast Asia, this is actionable intelligence. The use of LOLBins means endpoint detection must rely on behavioral analytics — process lineage, command-line argument analysis, anomalous parent-child process relationships — rather than signature matching alone.

What defenders should do: Deploy network detection capable of identifying low-frequency encrypted beaconing patterns. Review endpoint telemetry for anomalous use of native system utilities (PowerShell, certutil, wmic) by processes with unusual parent chains. MITRE ATT&CK: T1059.001 — Command and Scripting Interpreter: PowerShell, T1071.001 — Application Layer Protocol: Web Protocols.

PTC Windchill RCE CVE-2026-12569 — First Wild Exploitation of PLM Platform

CISA added CVE-2026-12569 to the Known Exploited Vulnerabilities catalog after confirming active exploitation of a remote code execution flaw in PTC Windchill. This is the first-ever confirmed in-wild exploitation of the Windchill platform — a product lifecycle management (PLM) system deployed across manufacturing, aerospace, defense, and engineering organizations to manage CAD files, bills of materials, and engineering change orders.

The significance is less about the vulnerability mechanics and more about where Windchill sits in the network. PLM servers typically reside in engineering networks that bridge corporate IT and operational technology environments. These networks are frequently flat, with minimal segmentation between the PLM server, CAD workstations, and production floor systems. A compromised Windchill instance provides an attacker with a pivot point into OT-adjacent infrastructure — exactly the kind of lateral movement path that IT/OT segmentation is designed to prevent.

What defenders should do: Patch CVE-2026-12569 immediately. If engineering change control processes prevent immediate patching, implement network segmentation to isolate the Windchill server from both corporate IT and OT networks. Deploy IPS signatures as a compensating control. Audit access logs for anomalous authentication or command execution on the Windchill server. MITRE ATT&CK: T1190 — Exploit Public-Facing Application.

Gaslight macOS Malware Weaponizes Prompt Injection Against AI Analysis

A new Rust-based macOS infostealer called Gaslight embeds prompt injection payloads directly in its binary to sabotage AI-assisted malware analysis tools. When an analyst’s AI copilot processes the sample — whether through automated triage or manual query — the injected prompts instruct the language model to classify the file as benign, report “no malicious indicators found,” or refuse analysis entirely.

This is adversarial AI applied in reverse. Rather than using AI to generate attacks, the malware authors are targeting the AI tools defenders use to analyze threats. The implication is significant for SOCs that have integrated AI copilots into their triage workflows: if the AI is a single point of decision, prompt injection in the sample itself can blind the entire analysis pipeline.

Gaslight’s use of Rust is also notable. Rust binaries produce complex disassembly that increases the time and effort required for manual reverse engineering, compounding the evasion benefit of the prompt injection layer. The combination of language-level obfuscation and AI-targeted evasion represents a meaningful evolution in anti-analysis techniques.

What defenders should do: Ensure AI-assisted analysis tools are one input in a multi-engine pipeline, not the sole decision maker. Validate AI classifications against behavioral sandbox results and signature-based detections. Monitor for Rust-compiled unsigned binaries on macOS endpoints. MITRE ATT&CK: T1027.002 — Obfuscated Files or Information: Software Packing, T1556 — Modify Authentication Process (analysis evasion context).

Defender Action Items

  • Audit CI/CD pipelines for Miasma exposure: Pin all GitHub Actions to specific commit SHAs. Run software composition analysis against npm, Go, and workflow dependencies. Monitor build environments for unexpected outbound network connections.
  • Patch CVE-2026-12569 (PTC Windchill) immediately: If patching is blocked, segment the Windchill server from OT and corporate networks and deploy IPS signatures as a compensating control.
  • Hunt for CL-STA-1062 indicators in APAC-exposed networks: Look for low-frequency encrypted beaconing, anomalous LOLBin execution, and unusual parent-child process chains on endpoints in Southeast Asian operations.
  • Validate AI analysis pipelines against prompt injection: Test whether your AI triage tools can be manipulated by embedded prompt payloads in sample binaries. Ensure multi-engine analysis is the standard, not single-model classification.
  • Review Turla STOCKSTAY and KongTuke/Mistic IOCs: Update threat intel feeds with indicators from Google’s Turla disclosure and KongTuke/Mistic reporting.

Detection Queries

The following Splunk SPL query identifies anomalous outbound connections from CI/CD runner hosts during build execution — a key indicator of supply chain malware like Miasma exfiltrating secrets from the pipeline.

index=network sourcetype=firewall OR sourcetype=proxy
  src_ip IN ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
  dest_port!=443 dest_port!=80
  [| inputlookup ci_runner_hosts.csv | fields src_ip]
| where NOT cidrmatch("10.0.0.0/8", dest_ip)
  AND NOT cidrmatch("172.16.0.0/12", dest_ip)
| stats count dc(dest_ip) AS unique_dests values(dest_ip) AS dest_ips BY src_ip
| where unique_dests > 3 OR count > 50
| sort - unique_dests

This query requires a lookup file (ci_runner_hosts.csv) containing your CI/CD runner IP addresses. It flags runners making outbound connections on non-standard ports to multiple unique external destinations — the pattern Miasma uses to exfiltrate environment variables and secrets during build hooks. False positive rate is moderate in environments with runners that legitimately pull packages from diverse registries; tune the unique_dests threshold based on your baseline.

References

Subscribe to the it-learn Brief

Get the daily cybersecurity brief in your inbox every weekday morning — news, SE angles, and detection queries.