The GitHub Leak Situation Just Got Worse | Threat Wire

⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️

@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev

Want to work with Ali? hak5@endingwithali.com

[❗] Join the Patreon→ https://patreon.com/threatwire
00:00 0 – Intro
00:00 1 – Can We Trust GitHub Automation?
03:48 2 – When Your AI Tools Turn Against You
06:20 3 – BSides
7:320 4 – Outro

LINKS
🔗 Story 1: Megalodon
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
https://www.ox.security/blog/megalodon-cicd-malware-github/
https://www.hudsonrock.com/blog/infostealers-just-spawned-a-5000-repo-github-supply-chain-attack
🔗 Story 2: VSCode Extension Attack
https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/
https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
🔗 Story 3: BSides
https://lachlan.nz/blog/the-react2shell-story/
https://www.helpnetsecurity.com/2026/05/19/discord-voice-and-video-call-encryption/
https://discord.com/blog/every-voice-and-video-call-on-discord-is-now-end-to-end-encrypted
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github
https://www.securityweek.com/1password-teams-with-openai-to-stop-ai-coding-agents-from-leaking-credentials/
https://1password.com/blog/1password-trusted-access-layer-for-openai-codex
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
____________________________________________

Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award-winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.