Attackers Harvest Developer Secrets From Workstations

Three campaigns hit npm, PyPI and Docker Hub within 48 hours, extracting API keys, cloud credentials, SSH keys and tokens from developer workstations and CI/CD pipelines.

Three separate campaigns targeting npm, PyPI and Docker Hub over a 48‑hour period focused on stealing credentials from developer environments and CI/CD systems. Security researchers tracked activity tied to operations including TeamPCP and Shai‑Hulud that collected API keys, cloud credentials, SSH keys, tokens and configuration files from developer machines and automation systems.

The attackers used compromised packages, infected tooling and malicious workflows to gather secrets and contextual data from local repositories, .env files, shell histories, browser sessions, npm configuration files and cloud profiles. Those credentials were then used to access source control, package registries, cloud accounts and CI workflows.

Researchers noted that developer workstations often store repositories, build scripts and authentication tokens in one place. A token found near a Git remote, deployment script or CI configuration can indicate how and where that credential can be used. In one campaign, GitHub credentials taken from developer environments appeared to grant administrative access to repositories and CI workflows, exposing large numbers of secrets across public and private systems.

The level of access available on a typical developer laptop can affect software delivery. Registry tokens can push package updates, GitHub tokens can modify repositories or trigger workflows, and cloud profiles can reveal infrastructure controls. CI/CD credentials and local build configurations may allow changes to build or deployment behavior.

Automation shortened the window between compromise and impact. Dependency update bots, automated merge rules and CI pipelines can merge and execute changes in minutes. Researchers also documented cases where AI coding assistants and automation agents read local files, ran commands and moved context between systems, exposing sensitive data in prompts, logs or tool outputs.

Security teams continue to use repository scanning, branch protection, CI/CD policy enforcement, artifact signing, dependency analysis and runtime defenses to manage risk on shared systems. Analysts reported that those downstream controls can be bypassed when credentials have already been harvested from developer machines, because the compromise occurs before code reaches repositories or registries.

Some security teams recommend identifying which credentials are usable from developer workstations, limiting credential scope and lifetime, and ensuring rapid revocation and rotation when compromise is suspected. Teams also advocate detecting and blocking sensitive material before it is committed, logged in CI or sent to external services, and combining preventive blocking, contextual warnings and telemetry to reduce exposure.
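One way to start the inventory step described above, as an added example that is not from the article or the researchers it cites: a Python sketch that reports which credential types sit in the workstation locations the article names (npm configuration, cloud profiles, SSH keys, shell history, .env files) without returning the secret values. The rule names, patterns, file list and the helper build_sample_home are assumptions of this example, and all sample content is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Rule names, patterns and the file list are choices made for this example.
RULES = [
    ("npm registry token", re.compile(r"_authToken\s*=\s*\S+")),
    ("AWS long-lived access key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("AWS temporary access key", re.compile(r"\bASIA[0-9A-Z]{16}\b")),
    ("private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("secret-like assignment", re.compile(
        r"(?im)^\s*(?:export\s+)?\w*(?:SECRET|TOKEN|PASSWORD|API_KEY)\w*\s*=\s*\S+")),
]
HOME_FILES = [".npmrc", ".aws/credentials", ".bash_history", ".zsh_history"]

def inventory(home, repo_roots=()):
    """Return sorted (path, rule, count) tuples; secret values are never returned."""
    candidates = [Path(home, name) for name in HOME_FILES]
    candidates += Path(home, ".ssh").glob("*")
    for root in repo_roots:
        candidates += Path(root).rglob(".env*")
    findings = []
    for path in filter(Path.is_file, candidates):
        text = path.read_text(errors="replace")  # history files may hold odd bytes
        rel = Path(os.path.relpath(path, home)).as_posix()
        for rule, pattern in RULES:
            hits = len(pattern.findall(text))
            if hits:
                findings.append((rel, rule, hits))
    return sorted(findings)

def build_sample_home(home):
    files = {  # constructed sample content, no real credentials
        ".npmrc": "//registry.npmjs.org/:_authToken=npm_CONSTRUCTED\n",
        ".aws/credentials": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\naws_secret_access_key = x\n",
        ".ssh/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n",
        ".bash_history": "ls\nexport GITHUB_TOKEN=constructed\n",
        "proj/.env": "DB_PASSWORD=constructed\nAPI_KEY=constructed\nDEBUG=1\n",
    }
    for rel, body in files.items():
        target = Path(home, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_home(tmp)
        print(*inventory(tmp, [Path(tmp, "proj")]), sep="\n")
```

Each finding names a credential type to scope down, shorten in lifetime or move into a secrets manager; a long-lived AWS key in a cloud profile, for example, is a candidate for replacement with temporary credentials.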

Several groups described the developer workstation as a local boundary where code, credentials and automation first meet. That boundary includes the IDE, terminal, Git client, package manager, container tooling, cloud CLI, local build system, secrets handling practices, AI assistants and automation agents. Analysts and security teams are coordinating across endpoint, application, identity, platform and cloud functions to address credential‑harvesting activity before it reaches shared systems and production infrastructure.
