GitHub: "We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity."
This is bad. If they came out announcing this, without a long winded explanation and further details, it's because they're staring at a bottomless pit and they haven't put the lid on it yet.<p>For a Fortune 100, to go out of your way to spook investors is the least desirable approach.
Is Twitter/X the right channel to announce a <i>security</i> event like this?<p>I ask because I don’t see anything posted on their official blog or status page.<p><a href="https://github.blog/" rel="nofollow">https://github.blog/</a><p><a href="https://www.githubstatus.com/" rel="nofollow">https://www.githubstatus.com/</a>
Sympathy to engineers and everyone at github, it's good that they're being open even if findings are limited. I'm sure they will figure out the root cause and will publish results to be a learning experience for everyone else
The security issue aside, seeing more companies push announcements like these on X as the only official source is a trend I'm not sure I like.<p>I can understand the rationale, this feels lighter and not something that belongs on status.github.com or the blog. Maybe what's actually missing is an official channel for ephemeral stuff on a domain they own, somewhere between a status page and a tweet? Just sharing an observation.
non-twitter link: <a href="https://xcancel.com/github/status/2056884788179726685#m" rel="nofollow">https://xcancel.com/github/status/2056884788179726685#m</a>
- Use Static analysis for GHA to catch security issues: <a href="https://github.com/zizmorcore/zizmor" rel="nofollow">https://github.com/zizmorcore/zizmor</a><p>- set locally: pnpm config set minimum-release-age 4320 # 3 days in minutes <a href="https://pnpm.io/supply-chain-security" rel="nofollow">https://pnpm.io/supply-chain-security</a> for other package managers check: <a href="https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104" rel="nofollow">https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e...</a><p>- add Socket Free Firewall when installing npm packages on CI <a href="https://docs.socket.dev/docs/socket-firewall-free#github-actions" rel="nofollow">https://docs.socket.dev/docs/socket-firewall-free#github-act...</a>
The only way to 'harden your github actions' is to not use github actions.
Thanks for making me aware of zizmor, just ran and fixed all issues on our core repos.
You also need to make sure you take care using PR titles and descriptions in your GHA because if they contain `text` it *may be executed lmfao.<p>edited: not "will", may depending on your GHA
Can you cite this? It's not YAML execution syntax, surely Github doesn't do it, the only vector I can see is if you put it unquoted into a shell script inside of a GHA yaml.
<a href="https://github.com/orgs/community/discussions/27065" rel="nofollow">https://github.com/orgs/community/discussions/27065</a><p><a href="https://stackoverflow.com/questions/77090044/github-actions-adding-to-issue-title-breaking-with-backticks" rel="nofollow">https://stackoverflow.com/questions/77090044/github-actions-...</a><p><a href="https://www.praetorian.com/blog/pwn-request-hacking-microsoft-github-repositories-and-more/" rel="nofollow">https://www.praetorian.com/blog/pwn-request-hacking-microsof...</a><p>All you need is user content containing `backticked`, and a github action referencing that via eg "github.event.issue.title" where the shell would normally execute `backticked` as a command (like echo, cat, etc).
I think he means template-injection -- <a href="https://woodruffw.github.io/zizmor/audits/#template-injection" rel="nofollow">https://woodruffw.github.io/zizmor/audits/#template-injectio...</a>
Maybe zizmor could catch this <a href="https://github.com/zizmorcore/zizmor" rel="nofollow">https://github.com/zizmorcore/zizmor</a> but not sure 100%
<a href="https://pbs.twimg.com/media/HItbXhvW4AAMD8W?format=jpg&name=orig" rel="nofollow">https://pbs.twimg.com/media/HItbXhvW4AAMD8W?format=jpg&name=...</a><p>All of their repos have been copied and are up for sale. Attackers are TeamPCP, the creators of the Shai-Hulud malware.
Time to switch to Gitlab, Bitbucket or self-hosted
"Someone broke into our house and we have no clue if they're still hiding under the bed or in the drawer. TV is gone."
Are they required to announce that they're being hacked in real time?
Is it just me or is this happening way more frequently in the last 4 or 5 months? Coincidently around the same time the models got a lot more capable?
I think AI has helped to a degree. I think a <i>lot</i> of people have known about massive gaps in security, but it's been a sort of "why would I?" and a gap that didn't feel worth hopping for attackers.<p>The gap is smaller now.<p>I've been talking about package worms for... fuck, a decade. Insane. I've even thought about publishing one to prove a point but, well, it's illegal obviously. And ethically questionable.<p>Someone just vibecoded up what we've all known was possible for a long, long time. Just like a lot of other vibe coded projects.<p>I remember talking to a malware author a long time ago and I think this would have been exactly what he would have loved. He liked building custom C2 protocols, tiny malware, etc, but when we discussed a particular idea for owning massive amounts of infrastructure his response was basically "that's a lot of effort to get a krebs article and FBI attention". Now it's not so much effort!
It's more likely that it isn't coincidental at all: software development-oriented LLMs became a lot better towards the end of 2025, and so there's a non-zero chance that people are using them to find new security exploits.<p>(People are not sleeping on this and it is not something people have failed to notice. I don't use LLMs at all and even <i>I</i> have noticed it - largely because there is approximately nobody that isn't talking about it.)
There is a 100% chance that people are using LLMs to find vulnerabilities and build exploits. If it was possible for something to be a 101% chance, that's what it would be.
Apologies to all - I am British. The phrase "non-zero" does cover every case other than zero, but the intent is that it covers some cases more than others. What I'm trying to say is: yes. My intent was just to push back on this specific (and slightly bizarre to me) instance of kind-of-vagueposting, to my eyes written to imply that it might be some sort of unnoticed conspiracy, detectable only by the most enlightened of observers, attuned to the subtle signals that most people miss: that people are using LLMs to find security exploits.
I think the other side is much more important. With company mandates to use AI as much as possible, there has been a deluge of low-quality PRs. Everybody is feeling tired from reviewing those, and quite possibly numerous security issues have been introduced since.
Ahh, that's a good point, and I actually hadn't thought of that angle! I was thinking of it purely from the point of view of the attackers using LLMs to generate interesting new exploits, with a side helping of letting myself get mildly annoyed, possibly incorrectly, by the writing style.<p>But yes, it's also possible the defenders have been kind of forced into having the slop machine shit out a huge pile of shit-ass changes, one way or another, that end up making the attackers' job even easier. (Even assuming no mechanisation at their end! Which is of course in nearly-June of 2026, probably unrealistic. And LLMs do appear to be really quite good at that side of the equation...)
The most dangerous is where the new feature works well and is using safe APIs, but integration is quietly broken somewhere. The risk of incoherent state is way higher because you no longer have a small set of people that knows the complete theory of the software and can find discrepancies.
I heard an engineer at Anthropic was submitting 150 PRs per day. That's one PR every 5 to 10 minutes, so you can guess the level of review and quality control involved.
[dead]
I think it's more about the popularity than the capability. The chances you might accidentally put a Github access token into an undesired security context goes up dramatically when you actually create and use one on a regular basis. The developers at GH are certainly using these tools just like the rest of us.
[flagged]
between all the Linux LPEs and Claude's known security flaws, alone, I'd be shocked if Github and Microsoft hadnt gotten hacked by now. reasonable bet we mainly hear it when big shops get bit
Before 2026 I hosted client code on GitHub, now it feels suboptimal, code is both an intellectual property asset and security risk. Especially if the company is software based, self-hosting your code just has a much better risk profile for almost no cost.<p>It's also one of those things that warms your team up and gets them ready for actual work, a team that has to self host their git and other infra, like self-hosting DNS servers with bind, will have a much better work ethic than engineers who click buttons on a SaaS and conflate their role as users of a system instead of admins of one.<p>Additionally, using github actions, and relying on Pull Requests (Tm) (R) (C) has always been (useful) vendor lock in (and a security risk in case of GH Actions). It wasn't enough to lock down a choice, but it tilts the balance in favour of less dependencies, which with the increase of CVEs and supply chain vulns, seems to be the name of the game for this new era. Build it in house, ignore the dogma.
Mythos has broken containment