compromised supply chain: the injection into GitHub Actions that turned a PR into a malicious release of elementary-data


A widely used package in the dbt ecosystem, elementary-data, was compromised on PyPI and in the project's container registry after a malicious actor managed to inject code into the project's GitHub Actions workflow. The affected version is 0.23.3, which included a malicious elementary.pth file designed to run at Python interpreter startup and exfiltrate local secrets, cloud credentials, cryptocurrency wallet files and other sensitive data. The project team quickly released a clean version, but anyone who already installed 0.23.3 or used the compromised images remains at risk.

According to the available technical analysis, the attacker did not need to compromise any maintainer account: an injection vulnerability in a pull request comment allowed attacker-controlled shell commands to execute inside a GitHub Actions job. That execution leaked the workflow's GITHUB_TOKEN, forced a signed commit and tag (v0.23.3) and triggered the legitimate release pipeline, which built and uploaded both the package to PyPI and a malicious image to GitHub Container Registry, giving both artifacts the appearance of an official release. A detailed technical analysis is available in the StepSecurity report: StepSecurity - incident analysis.


The implications are multiple and serious for projects that run data pipelines or deploy containers: the software supply chain can be breached without stealing any human credential, simply by abusing poorly configured automation. In this case the threat was the automatic upload of artifacts consumed in production environments, which widens the exposure surface and makes containment difficult if the compromise is not detected early.

If you manage environments that use elementary-data, containers published by the project, or dependencies that are not pinned to explicit versions, act with priority. Rotate all potentially exposed credentials and keys (repository tokens, SSH keys, cloud credentials, API keys, and wallet passphrases and files); take the images ghcr.io/elementary-data/elementary:0.23.3 and ghcr.io/elementary-data/elementary:latest out of service until their integrity has been verified; and restore systems from known-good points. In addition, inspect machines and pipelines for unusual activity and search for files such as elementary.pth inside packages installed in virtual environments and containers; preserve logs and devices for forensic analysis before purging any evidence.

To reduce future risk in your own projects, review and tighten how your repositories use GitHub Actions: never interpolate untrusted input (such as pull request comment bodies) directly into run steps, do not use pull_request_target when the job needs access to credentials, limit GITHUB_TOKEN permissions to the minimum necessary and disable credential persistence in actions/checkout (persist-credentials: false) where appropriate. Consider signed releases, signing and verification tools such as Sigstore/Cosign, and policies that require review of workflow changes before they are accepted. GitHub publishes hardening guides for Actions that should be followed: Security hardening for GitHub Actions.
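As an added example (not code from the page or from the elementary project), the following Python script simulates the injection pattern behind this incident and the fix recommended above. It models the Actions runner's documented behaviour of expanding `${{ ... }}` expressions as plain text before the shell starts; the comment payload, the context dictionary and the marker file are all constructed for the demo and are not taken from the real event.

```python
"""Added example, not code from the page or from the elementary project.

Simulates how a GitHub Actions `run:` step that embeds
${{ github.event.comment.body }} turns a pull request comment into shell
injection, and how moving the expression into `env:` defeats it. The runner
behaviour modelled here is the documented one: expressions are expanded as
text before the shell starts. The marker file, payload and context are
constructed for the demo.
"""
import os
import re
import subprocess
import tempfile
from pathlib import Path

EXPRESSION = re.compile(r"\$\{\{\s*([^}]*?)\s*\}\}")


def expand_expressions(text: str, context: dict) -> str:
    """Textually expand every ${{ expr }} (plain context lookups only),
    the way the Actions runner does before the shell ever sees the script."""
    return EXPRESSION.sub(lambda m: str(context[m.group(1)]), text)


def run_shell(script: str, extra_env=None) -> str:
    """Run a script with /bin/sh -c and return its stdout."""
    env = dict(os.environ, **(extra_env or {}))
    proc = subprocess.run(["/bin/sh", "-c", script], env=env,
                          capture_output=True, text=True, check=False)
    return proc.stdout


def vulnerable_step(context: dict) -> str:
    # Unsafe pattern: the comment body is spliced into the script text itself.
    #   run: echo "Comment: ${{ github.event.comment.body }}"
    script = expand_expressions(
        'echo "Comment: ${{ github.event.comment.body }}"', context)
    return run_shell(script)


def hardened_step(context: dict) -> str:
    # Safe pattern: the expression is expanded into an environment variable
    # and the script references $BODY, which the shell treats as data.
    #   env:
    #     BODY: ${{ github.event.comment.body }}
    #   run: echo "Comment: $BODY"
    env = {"BODY": expand_expressions(
        "${{ github.event.comment.body }}", context)}
    return run_shell('echo "Comment: $BODY"', env)


def demo() -> dict:
    """Run both steps against the same hostile comment and report whether the
    injected command (writing a marker file) actually executed."""
    marker = Path(tempfile.mkdtemp()) / "marker"
    # Constructed attacker comment: closes the quote, runs a command, reopens it.
    payload = f'lgtm"; echo pwned > "{marker}"; echo "'
    context = {"github.event.comment.body": payload}

    vulnerable_stdout = vulnerable_step(context)
    vulnerable_injected = marker.exists()
    if vulnerable_injected:
        marker.unlink()

    hardened_stdout = hardened_step(context)
    hardened_injected = marker.exists()

    return {
        "vulnerable_injected": vulnerable_injected,
        "vulnerable_stdout": vulnerable_stdout,
        "hardened_injected": hardened_injected,
        "hardened_stdout": hardened_stdout,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running it shows the marker file being created by the interpolated step and not by the env-based one: in the hardened form the same payload is printed verbatim as part of the echo output, because the shell expands `"$BODY"` as a string and never re-parses it as commands. The same rule applies to any other attacker-controlled field (PR titles, branch names, issue bodies).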


Additional hygiene measures worth adopting are pinning versions and verifying hashes in pip installs (for example, requirements files with --hash entries installed under --require-hashes), scanning images and containers before deployment, and using short-lived or narrowly scoped tokens for automated flows. If you cannot confirm that your installed version is a clean release published after 0.23.3, assume compromise and act as if your secrets had been exfiltrated.

At the community level, this intrusion underlines that supply chain security involves both maintainers and consumers: maintaining good CI/CD practices, reviewing comments and PRs whenever workflows can execute code, and encouraging automatic controls on workflows are measures that protect the whole ecosystem. Security and development teams should coordinate response procedures that cover detection, containment, eradication and notification of affected third parties.

If you need quick operational steps: confirm the installed package version (pip show or pip list), search for elementary.pth in the affected environments, revoke and reissue compromised credentials, rebuild containers from verified sources and update dependencies to safe versions. For more context and usage metrics for the package you can see the public statistics on PyPI Stats: PyPI Stats - elementary-data. The community's response speed was crucial in this case, but the lesson is clear: automate safely and assume that build tooling can become an attack vector if it is not properly controlled.
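The check described in the containment steps above (search for elementary.pth, confirm the installed version), as an added example that is not code from the page or from the elementary project. It relies on the mechanism that makes a .pth file a startup hook: site.py reads every .pth file in site-packages at interpreter start and executes any line beginning with "import", so the audit flags both the known filename and any .pth file carrying executable lines. The sample directory built by demo() is constructed for the example; the filenames and payload in it are illustrative only.

```python
"""Added example, not code from the page or from the elementary project.

Audits the .pth files of the current interpreter, or of any directories passed
in, for the mechanism the page describes: site.py imports every .pth file at
startup and executes any line that begins with "import", so a .pth file is a
startup hook. The audit flags files named elementary.pth and any .pth file with
executable lines, and reports the installed elementary-data version. The sample
directory built by demo() is constructed for this example.
"""
import importlib.metadata
import site
import sys
import tempfile
from pathlib import Path

SUSPECT_FILENAMES = {"elementary.pth"}


def executable_lines(pth_file: Path) -> list:
    """Lines that site.py would exec() instead of adding to sys.path."""
    found = []
    for line in pth_file.read_text(errors="replace").splitlines():
        if line.startswith(("import ", "import\t")):
            found.append(line)
    return found


def audit_pth_files(search_dirs) -> list:
    """Return one finding per .pth file that is suspicious by name or content."""
    findings = []
    for directory in search_dirs:
        directory = Path(directory)
        if not directory.is_dir():
            continue
        for pth_file in sorted(directory.glob("*.pth")):
            code = executable_lines(pth_file)
            name_hit = pth_file.name in SUSPECT_FILENAMES
            if name_hit or code:
                findings.append({
                    "path": str(pth_file),
                    "name_match": name_hit,
                    "executable_lines": code,
                })
    return findings


def default_search_dirs() -> list:
    """site-packages directories of the running interpreter (system and user)."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    dirs.extend(p for p in sys.path if p.endswith("site-packages"))
    return sorted(set(dirs))


def installed_version(distribution: str = "elementary-data"):
    """Version string of an installed distribution, or None if it is absent."""
    try:
        return importlib.metadata.version(distribution)
    except importlib.metadata.PackageNotFoundError:
        return None


def demo() -> list:
    """Build a constructed site-packages directory and audit it: one harmless
    path-only .pth, one legitimate-looking .pth with an import line, and one
    named elementary.pth whose import line would run at every startup."""
    sample = Path(tempfile.mkdtemp())
    (sample / "paths-only.pth").write_text("/opt/example/lib\n")
    (sample / "editable-tool.pth").write_text("import _virtualenv\n")
    (sample / "elementary.pth").write_text(
        'import os; os.system("echo constructed-demo-payload")\n')
    return audit_pth_files([sample])


if __name__ == "__main__":
    print("elementary-data version:", installed_version())
    for finding in audit_pth_files(default_search_dirs()):
        print(finding)
```

Run it inside every virtual environment and container image you are checking, since each interpreter has its own site-packages. Note that legitimate tooling (virtualenv, some editable installs, coverage hooks) also ships .pth files with import lines, so a finding with executable lines is a review item, not proof of compromise; a file named elementary.pth, or an import line that decodes and executes an embedded blob, is the pattern to treat as hostile. If installed_version() reports 0.23.3, treat the environment as compromised regardless of what the audit finds.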
