TTPwire Vol. 1 · MITRE ATT&CK·Tagged

IT Pro

Compromised open source package pushed malicious Elementary CLI release to developers

Ross Kelly · 2026-04-28

ATT&CK techniques detected

4 predictions
T1195.002 Compromise Software Supply Chain
94%
“compromised open source package pushed malicious elementary cli release to developers compromised open source package pushed malicious elementary cli release to developers the open source elementary cli tool has more than one million monthly downloads threat actors gained access …”
T1195.001 Compromise Software Dependencies and Development Tools
87%
“compromised open source package pushed malicious elementary cli release to developers compromised open source package pushed malicious elementary cli release to developers the open source elementary cli tool has more than one million monthly downloads threat actors gained access …”
T1195.001 Compromise Software Dependencies and Development Tools
71%
“attack? analysis of the incident by researchers at stepsecurity found attackers exploited a script injection vulnerability in the project’s github actions workflow. sign up today and you will receive a free copy of our future focus 2025 report - the leading guidance on ai, cybe…”
T1195.002 Compromise Software Supply Chain
58%
“attack? analysis of the incident by researchers at stepsecurity found attackers exploited a script injection vulnerability in the project’s github actions workflow. sign up today and you will receive a free copy of our future focus 2025 report - the leading guidance on ai, cybe…”

Summary

The open source Elementary CLI tool has more than one million monthly downloads