Skip to content

feat: add post - node-ipc DNS-tunneling supply chain attack (May 14, 2026)#1295

Merged
bobbyonmagic merged 1 commit into
mainfrom
post/node-ipc-dns-exfil-supply-chain-may-2026
May 22, 2026
Merged

feat: add post - node-ipc DNS-tunneling supply chain attack (May 14, 2026)#1295
bobbyonmagic merged 1 commit into
mainfrom
post/node-ipc-dns-exfil-supply-chain-may-2026

Conversation

@bobbyonmagic
Copy link
Copy Markdown
Collaborator

@bobbyonmagic bobbyonmagic commented May 22, 2026

New post covering the May 14 node-ipc compromise and the novel exfil technique (DNS TXT queries instead of HTTP).

Angle: most supply-chain defensive posts stop at HTTPS egress allowlisting + lockfile pinning. node-ipc demonstrates that DNS is the next exfil channel attackers are picking up. Concrete defenses: CoreDNS allowlist for CI runners, Athena query against Route 53 Resolver logs, Cloudflare Gateway TXT regex rule.

Includes the rotation playbook for anyone who ran a bad version.

OG image generated.

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented May 22, 2026
edited
Loading

Deploying devops-daily with  Cloudflare Pages  Cloudflare Pages

Latest commit: 255b4c3
Status: ✅  Deploy successful!
Preview URL: https://f77280db.devops-daily.pages.dev
Branch Preview URL: https://post-node-ipc-dns-exfil-supp.devops-daily.pages.dev

View logs

@bobbyonmagic bobbyonmagic merged commit 461ddd0 into main May 22, 2026
4 checks passed
@bobbyonmagic bobbyonmagic deleted the post/node-ipc-dns-exfil-supply-chain-may-2026 branch May 22, 2026 20:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bobbyonmagic