This week's articles
Investigating unauthorized access to GitHub-owned repositories
On May 18, a compromised employee device via a poisoned VS Code extension led to exfiltration of GitHub-internal repositories (~3,800). No evidence of customer data impact outside internal repos. Critical secrets were rotated; investigation is ongoing.
CISA Admin Leaked AWS GovCloud Keys on Github
A Nightwing contractor's public GitHub repo ("Private-CISA"), active since November 2025, exposed plaintext AWS GovCloud admin keys, Firefox-saved passwords, kubeconfig, and Artifactory credentials for CISA internal systems, with GitHub's secret-scanning protections deliberately disabled.
durabletask: TeamPCP's Latest PyPi Compromise
TeamPCP's ongoing supply chain campaign compromised PyPI package "durabletask" (Microsoft's Durable Task Python client), deploying "rope.pyz" malware with credential theft (AWS/Azure/GCP/K8s), password manager brute-forcing, shell history scraping, and worm-based lateral movement via AWS SSM and Kubernetes.
Global S3: Another C2 Channel for AgentCore Code Interpreters
AWS AgentCore Code Interpreters in Sandbox mode allow unrestricted global S3 access (including cross-account, public/presigned URLs), enabling a bidirectional C2 channel via S3 polling, demonstrated as a full reverse shell PoC. Mitigation: use VPC mode with S3 Gateway Endpoints and strict endpoint policies.
|