Shay Berkovich

125 posts

@sshaybbc

Threat Research at WIZ

Israel · Joined March 2016
221 Following · 169 Followers

Shay Berkovich reposted
Rami McCarthy (@ramimacisabird):
🫂 "hugs from TeamPCP." We're now 47 days and three rounds deep into the Checkmarx incident -- and this time TeamPCP left a message for victims in `~/hugs_from_teamPCP.txt`. Things appear mitigated, but waiting to see if rotation was a bit more atomic this time 🤞

Shay Berkovich (@sshaybbc):
List of most popular/active public repos on GitHub - April edition:
- @openclaw hype is over?
- @Microsoft GenAI tutorials are back in first place
- April normalized to AI models and established learning resources

Shay Berkovich reposted
Amitai Cohen (@AmitaiCo):
Preliminary exploit detections for Copy Fail (CVE-2026-31431) based on our tests (these work best in combination):
1. "NET: Registered PF_ALG protocol family" in kern.log & syslog
2. curl for "copy[.]fail/exp" (if attacker is lazy)
3. su record without invoking user in auth.log
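The three detections in Amitai Cohen's post above can be expressed as a small correlation check over host logs. The following is an added example, not code from the post or from Wiz: the log lines are constructed, the kern.log/syslog/auth.log layouts are assumed to follow common Debian/Ubuntu syslog formats, and the `su` record pattern (`su: (to root) <user> on pts/N`) is an assumption about the PAM message format on the host. The point it makes is the one in the post: PF_ALG registration alone is weak evidence, so the verdict only fires when at least two distinct indicators are seen together.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not from a real incident). Layouts mimic
# common Debian/Ubuntu syslog formats; this is an assumption about the host.
SAMPLE_LOGS = {
    "kern.log": [
        "Apr 20 10:01:02 host kernel: [  123.456] usb 1-1: new high-speed USB device number 2",
        "Apr 20 10:03:11 host kernel: [  250.001] NET: Registered PF_ALG protocol family",
    ],
    "syslog": [
        "Apr 20 10:03:12 host squid[881]: 10.0.0.5 GET http://copy.fail/exp - user-agent=curl/8.5.0",
        "Apr 20 10:03:20 host CRON[100]: (root) CMD (run-parts /etc/cron.hourly)",
    ],
    "auth.log": [
        "Apr 20 09:55:00 host su: (to root) alice on pts/0",
        "Apr 20 10:03:25 host su: (to root)  on pts/1",
    ],
}

# Indicator 1: the kernel registers PF_ALG the first time the AF_ALG socket
# family is used. Legitimate crypto tooling can trigger this too, so on its own
# it is a weak signal and only meaningful in combination with the others.
PF_ALG_RE = re.compile(r"NET: Registered PF_ALG protocol family")
# Indicator 2: an outbound fetch of the published proof-of-concept location.
COPYFAIL_RE = re.compile(r"\bcopy\.fail/exp\b")
# Indicator 3: a `su` record whose invoking-user field is empty
# (assumed PAM format: "su: (to <target>) <invoker> on <tty>").
SU_RE = re.compile(r"\bsu(?:\[\d+\])?: \(to (?P<target>\S+)\) (?P<invoker>\S*) on ")


@dataclass(frozen=True)
class Finding:
    source: str
    indicator: str
    line: str


def scan(logs):
    """Return one Finding per matching line across all log sources."""
    findings = []
    for source, lines in logs.items():
        for line in lines:
            if PF_ALG_RE.search(line):
                findings.append(Finding(source, "pf_alg_registered", line))
            if COPYFAIL_RE.search(line):
                findings.append(Finding(source, "copyfail_fetch", line))
            m = SU_RE.search(line)
            if m and not m.group("invoker"):
                findings.append(Finding(source, "su_without_invoker", line))
    return findings


def correlate(findings, minimum=2):
    """Collapse findings to the set of distinct indicators plus a verdict.

    `alert` is only True once at least `minimum` distinct indicators fire,
    which is the "work best in combination" advice from the post.
    """
    indicators = sorted({f.indicator for f in findings})
    return {"indicators": indicators, "alert": len(indicators) >= minimum}


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for f in found:
        print(f"[{f.indicator}] {f.source}: {f.line}")
    print(correlate(found))
```

On the constructed sample all three indicators fire and `correlate` raises an alert; on a log set containing only a normal `su` record it stays quiet. The `minimum` threshold is the knob to tune against the false-positive rate of the PF_ALG line in your own environment.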

Shay Berkovich reposted
Rami McCarthy (@ramimacisabird):
Fork commits keep showing up in supply chain attacks (tj-actions, reviewdog, TeamPCP). But I keep seeing incorrect explanations in incident threads/blogs, so I built a microsite to cut through the confusion. 🔗 in 🧵

Shay Berkovich (@sshaybbc):
Another interesting point - the first non-AI repo is only in 6th place.

Shay Berkovich (@sshaybbc):
Monthly list of most popular/active public repos on GitHub:
- @openclaw keeps the first place (although at half the pace compared to February)
- Rise of the personal Claude skills and harnesses over the official anthropics/skills
- karpathy/autoresearch
- fast-breaker

Shay Berkovich (@sshaybbc):
Turns out # of forks is a great metric of repo popularity. Here are the most popular/forked repos of Feb 2026. Of course, #OpenClaw is leading the pack:

Shay Berkovich (@sshaybbc):
@blackroomsec Any feedback is welcome, please DM or Slack! Planning additional updates meanwhile.

BlackRoomSec (@blackroomsec):
Wiz is building their own framework with TTPs geared especially for the SDLC, with 70 to start, as MITRE fell a little short and couldn't properly model specific threats like Shai-Hulud (the colloquial name for the recent Node.js repository attacks). Guess I have some SOPs to update this week. Looks really good. wiz.io/blog/sitf-sdlc…

Graham Helton (too much for zblock):
Excited to disclose my research allowing RCE in Kubernetes. It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.

Shay Berkovich reposted
Wiz (@wiz_io):
UPDATE: Shai-Hulud 2.0 has a long tail, and it may have led to $7M in crypto theft. Earlier today, our update laid out how sha1-hulud may have caused the Trust Wallet incident. Trust Wallet just announced the same conclusion. 📷 Read our analysis >> wiz.io/blog/snipping-…

Shay Berkovich (@sshaybbc):
Or extend their PAT revocation API to cover other token types: docs.github.com/en/rest/creden… (#revoke-a-list-of-credentials)

Shay Berkovich (@sshaybbc):
With #shaihulud2 refusing to die, with a long tail of infections (117 new compromised machines in the last 72 hours, most of them from @Cursor IDE), all @github has to do is disable the gho_ tokens of the super-spreaders (the last 2 active spreaders are Cpreet and moh-abed).

Shay Berkovich reposted
Rami McCarthy (@ramimacisabird):
🪱 sharing more on sha1-hulud w/ @sshaybbc
* 2 packages == ~60% of infections
* 400k unique secrets in truffleSecrets.jsons, only 2.5% verified, & the majority of those short-lived JWTs for GitHub Actions!
* 3/4 of impacted workloads were CI/CD, 1/4 were users
🔗 below

Branko (@brankopetric00):
A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited.

The attack chain:
- Found exposed Kubernetes dashboard (our bad)
- Dashboard had view-only service account (we thought this was safe)
- Service account could list secrets across all namespaces
- Found AWS credentials in a secret
- Used AWS credentials to access EC2 instance profile
- Instance profile had full Kubernetes admin via IAM
- Used kubectl to create privileged pod
- Escaped to node
- Root access to entire cluster

What we thought we did right:
- Dashboard was read-only
- Secrets were encrypted at rest
- Network policies were in place
- Regular security updates

What we missed:
- Dashboard shouldn't be exposed at all
- Service accounts need principle of least privilege
- Secrets shouldn't contain AWS credentials (use IRSA instead)
- Pod Security Policies weren't enforced
- Node access wasn't hardened

The fix took 2 weeks:
- Removed Kubernetes dashboard entirely
- Implemented IRSA for all pod AWS access
- Applied strict PSPs/Pod Security Standards
- Audit all RBAC permissions
- Regular penetration testing

Cost: $24K for the pentest
Value: Prevented what could have been a catastrophic breach
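The pivot in Branko's chain above was a "view-only" ClusterRole that could read `secrets` cluster-wide, and the fix list ends with "audit all RBAC permissions". The following is an added example of such an audit, not code from the post or from any named project: it walks ClusterRole/ClusterRoleBinding objects shaped like the `items` array of `kubectl get clusterroles,clusterrolebindings -o json` (the sample is constructed and models only the fields the code reads, which is an assumption), reports which roles can read core-group secrets and which subjects are bound to them cluster-wide, and shows the least-privilege rewrite that drops those rules while keeping the rest of the role.

```python
import copy
import json

# Constructed sample shaped like the `items` array of
# `kubectl get clusterroles,clusterrolebindings -o json`. Assumption: only the
# fields used below are modelled. Not a real cluster.
SAMPLE_RBAC = json.loads("""
{"items": [
  {"kind": "ClusterRole", "metadata": {"name": "dashboard-viewer"},
   "rules": [
     {"apiGroups": [""], "resources": ["pods", "services"], "verbs": ["get", "list", "watch"]},
     {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "watch"]}
   ]},
  {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
   "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "wildcard-admin"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-viewer-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "dashboard-viewer"},
   "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": "kube-system"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "pod-reader-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
   "subjects": [{"kind": "ServiceAccount", "name": "metrics", "namespace": "monitoring"}]}
]}
""")

# Any of these verbs on core-group `secrets` reveals secret data: list and
# watch return full objects (including data), not just names.
SECRET_READ_VERBS = {"get", "list", "watch", "*"}


def rule_reads_secrets(rule):
    """True if one RBAC rule grants read access to core-group secrets."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    core_group = bool(groups & {"", "*"})
    touches_secrets = bool(resources & {"secrets", "*"})
    return core_group and touches_secrets and bool(verbs & SECRET_READ_VERBS)


def audit_cluster_secret_readers(rbac):
    """Return (names of ClusterRoles that read secrets, subjects bound cluster-wide to them).

    A ClusterRole only becomes an exposure once a ClusterRoleBinding hands it
    to a subject; that binding is what made the dashboard's "view-only"
    service account dangerous.
    """
    items = rbac["items"]
    risky = {
        r["metadata"]["name"]
        for r in items
        if r["kind"] == "ClusterRole" and any(rule_reads_secrets(x) for x in r.get("rules", []))
    }
    exposures = []
    for b in items:
        if b["kind"] != "ClusterRoleBinding" or b["roleRef"].get("kind") != "ClusterRole":
            continue
        if b["roleRef"]["name"] not in risky:
            continue
        for s in b.get("subjects", []):
            exposures.append({
                "binding": b["metadata"]["name"],
                "role": b["roleRef"]["name"],
                "subject": f'{s["kind"]}:{s.get("namespace", "")}/{s["name"]}',
            })
    return risky, exposures


def strip_secret_rules(role):
    """Least-privilege rewrite: drop secret-reading rules, keep everything else.

    A wildcard rule (*/*/*) is itself secret-reading and is dropped too; for
    such a role a real fix would enumerate what it actually needs.
    """
    fixed = copy.deepcopy(role)
    fixed["rules"] = [r for r in fixed.get("rules", []) if not rule_reads_secrets(r)]
    return fixed


def remediate(rbac):
    """Apply strip_secret_rules to every ClusterRole; return a new object."""
    fixed = copy.deepcopy(rbac)
    fixed["items"] = [strip_secret_rules(i) if i["kind"] == "ClusterRole" else i for i in fixed["items"]]
    return fixed


if __name__ == "__main__":
    risky, exposures = audit_cluster_secret_readers(SAMPLE_RBAC)
    print("ClusterRoles that can read secrets:", sorted(risky))
    for e in exposures:
        print("EXPOSED:", e)
    print("after remediation:", audit_cluster_secret_readers(remediate(SAMPLE_RBAC)))
```

Two things the sample is built to show: `pod-reader` is genuinely read-only and never appears, and `wildcard-admin` reads secrets but produces no exposure because nothing is bound to it, so the binding, not just the role, is what the audit has to report. Namespaced Role/RoleBinding pairs scope the same verbs to one namespace and would need a separate, per-namespace pass.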

Shay Berkovich (@sshaybbc):
@adnanthekhan In the end we need attribution to stop this crazy attack sequence; I'd love to see more publications around the actor's behaviour and to see GH doing more.

Adnan Khan (@adnanthekhan):
@sshaybbc I would say yes, because an unskilled actor may get privileged cloud access and not know what to do with it or fail spectacularly and get evicted even with AI. Perhaps you have better insight on any cloud incidents that resulted from S1ngularity or Shai-Hulud?

Adnan Khan (@adnanthekhan):
The "sophistication" of the Shai-Hulud #npm #malware is quite overblown. The attacker:
- Can prompt AI (likely)
- Knows how to use tools like nord-stream to dump secrets
- Has basic GitHub knowledge
Clever? Yes. Sophisticated? No.

Shay Berkovich (@sshaybbc):
@adnanthekhan No cloud impact so far, but the abuse of the cloud access is an incremental evolution step that this actor seems to demonstrate with every attack. Given the likely pool of cloud creds they have now, I won't be surprised...