Shay Berkovich (@sshaybbc)
Followers: 163 | Following: 894 | Media: 13 | Statuses: 113
Or extend their PAT revocation API to cover other token types:
docs.github.com
Use the REST API to revoke credentials that you have found exposed on GitHub or elsewhere.
With #shaihulud2 refusing to die with the long tale of infections (117 new compromised machines in the last 72 hours, most of them from @Cursor IDE), all @github has to do is disable the gho_ tokens of the super-spreaders (the last 2 active spreaders are Cpreet and moh-abed).
🪱 Sharing more on sha1-hulud w/ @sshaybbc
* 2 packages == ~60% of infections
* 400k unique secrets in truffleSecrets.jsons, only 2.5% verified, & the majority of those short-lived JWTs for GitHub Actions!
* 3/4 of impacted workloads were CI/CD, 1/4 were users
🔗 below
Second part of our research on secret leaks in AI.
🤖 65% of Forbes AI 50 companies leaked secrets on GitHub. @sshaybbc revealed how AI speed without security = leaks waiting to happen. Full Wiz Research report 👉 https://t.co/kmamDrkIo3
Re: #Shai_Hulud attack - it's disturbing to see the evolution of the attacker. Compared to the #s1ngularity attack, new elements added:
- Worm-able nature of the exploit
- Better automation of the secret scan
- Bundling of the secrets for exfiltration with tojson(secrets)
More from me on s1ngularity, the Nx supply chain attack. We @wiz_io took advantage of the break in attacker activity to break down:
* overall impact
* efficacy of the AI usage (not great!)
* TTPs and investigation breadcrumbs we've seen to date
* our work to notify victims
😱 Imagine waking up to see all your private GitHub repositories were published publicly... That's what happened overnight for >400 users/orgs and >5000 repositories. s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wiz_io. Covers permissions, secrets, 3rd-party Actions, ++. Use it to avoid learning these lessons the hard way: https://t.co/vpokCyGmYz
wiz.io
Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub’s docs don’t fully cover.
🔍 IT'S HERE: #ExfilCola, our cloud IR security CTF challenge! 🥤 Your mission:
- Investigate the cloud environment logs
- Research the compromised machines
- Secure the files and save the day
⏰ The Cloud Hunting Games are live >> https://t.co/MaTZeY0DpM
Re #IngressNightmare - until yesterday, there has been only one Critical and 12 Highs in K8s according to the official CVE feed (https://t.co/gEBSokNjPa) since 2017. It's 2 and 15 now. This is big.
😺 Cat's out of the bag. We've updated our blog post on the `tj-actions` / `reviewdog` incident to disclose the target. We also have new details on the root cause of the `reviewdog` element. h/t @sshaybbc for a ton of leg work here.
Check this out before #KubeCon - we analyzed a huge number of clusters to get some interesting security stats, like the adoption of the new EKS authentication mode. Hint - it's low. Details inside 👇
Fresh off the shelf: Our Kubernetes security report 2025 is here! 🔍 Back in January, our teaser blog covered key K8s trends, but slow adoption of new security features remains a concern.
As Rami McCarthy pointed out in our blog (https://t.co/wGKuFZmvZN), we believe reviewdog/actions-setup@v1 might have been (one of?) the culprits behind the original tj-actions compromise. We reported our findings to the reviewdog maintainers yesterday (GHSA-qmg3-hpqr-gqvc).
wiz.io
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.
tj-actions - saga continues... 🍿 Based on our analysis, here's the current map of compromised actions:
🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store. 🔍 Scan web traffic for live, verified credentials: active & exploitable. Because secrets don't just leak in code... 😬 Big thanks to @PortSwigger! 🙌 🔗 https://t.co/1fZKNgJUKC
Most frequent languages in private vs public GitHub repos (Java - the most common compiled language - is only 8th):
Some interesting stats inside. Here are a couple of teasers - GitHub Apps permission scopes (the second and third are dangerous scopes):
🔍 What did we learn from 100K+ code repos? Our latest research uncovers critical trends shaping the future of code and cloud security. We've pinpointed the vulnerabilities, misconfigurations, and risks that directly impact production, and they're hard to ignore.
Thrilled to finally share this: one of the coolest container escapes I've seen! 🔥 https://t.co/tXRRmJhMke A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can't believe we had to sit on the technical details for so long! Incredible
A couple of months ago, we at @wiz_io discovered a container escape vulnerability in the NVIDIA Container Toolkit, which impacts many cloud and AI SaaS providers. We're finally able to share the technical details. https://t.co/ADU0puZsN6
🚨 Supply chain attack alert: The curious case of #Ultralytics. A #GitHub Action compromise led to the release of malicious versions (8.3.41, 8.3.42) of the popular Ultralytics Python package, embedding a cryptominer into systems via PyPI.