defensive.works
> THE TEAMPCP FILES · ONE ATTACK PER EPISODE · EIGHT PANELS EACH

Comics.

Real cloud-security attacks, walked through one panel at a time. No metaphors stretched past their breaking point, no hand-waved fundamentals, no implied steps. The chain that broke 170+ npm packages on May 11 is not a story about clever attackers; it is a story about controls that worked exactly as designed.

> Written by R.K. Chidambaram, cloud security engineer. Same voice as the Weekly Recon.

EPISODE 01
8 panels · 60s read · published 2026-05-22 · carousel · script edition

The TanStack Heist

Cache poisoning and the trust boundary that never existed.

TeamPCP did not break trusted publishing; they borrowed it. A fork PR runs with the repo owner's permissions via pull_request_target, poisons the shared cache, and waits. Any later merge to main triggers the trusted release run that restores the poisoned bytes, and the next step in that same job reads the OIDC token from runner memory and publishes 170+ npm packages that signature-check clean. No control was bypassed. Each one ran exactly as designed.

  • TECHNIQUES pull_request_target unsafe checkout · actions/cache restore-keys collision · OIDC token theft via /proc/<pid>/mem · npm trusted publishing replay
  • SOURCE Verified against Weekly Recon issue 5 source pack · BleepingComputer · Wiz · TanStack postmortem · Ox Security · Datadog Security Labs
Read Episode 01 → Run the lab Scan your workflows Source recon TanStack postmortem