Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign
ID: 652ace76-918a-5fc9-8ff1-848fcf8fed56
STIX ID: report--652ace76-918a-5fc9-8ff1-848fcf8fed56
Feed Name: Wiz Blog
The report describes a six-wave, AI-augmented campaign (over 500 malicious PRs, more than 475 of them in a single 26-hour burst) that abused GitHub Actions workflows triggered by pull_request_target to exfiltrate GITHUB_TOKEN and other secrets, enumerate repository and cloud metadata, and, where permissions allowed, publish malicious npm package versions. The attacker used multi-stage payloads (EXFIL, RECON, DISPATCH, LABEL_BYPASS, DELAYED), language-aware injection points, and automation, but achieved an overall success rate under 10%, with confirmed compromises of at least two npm packages and observed theft of AWS, Cloudflare, and Netlify credentials. The report includes IOC lists and mitigation recommendations.
