Shay Berkovich

Turns out # of forks is a great metric of repo popularity. Here is the most popular/forked repos of Feb 2026. Of course, #OpenClaw is leading the pack:

@blackroomsec Any feedback is welcome, please DM or slack! Planning additional updates meanwhile.

Wiz is building their own framework with TTPs geared especially for SDLC with 70 to start as MITRE fell a little short and couldn't model specific threats like Shai Halud (the colloquial name for the recent node JS repository attacks), properly. Guess I have some SOPs to update this week. Looks really good. wiz.io/blog/sitf-sdlc…

@GrahamHelton3 This is great research @GrahamHelton3 . Couldn't find it in the blog - is the command execution possible with node/proxy:list or node/proxy:watch?

Excited to disclose my research allowing RCE in Kubernetes It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.

UPDATE: Shai-Hulud 2.0 has a long tail, and it may have led to $7M in crypto theft. Earlier today, our update laid out how sha1-hulud may have caused the Trust Wallet incident. Trust Wallet just announced the same conclusion 📷Read our analysis >> wiz.io/blog/snipping-…

Or extend their PAT revocation API to cover other token types: #revoke-a-list-of-credentials" target="_blank" rel="nofollow noopener">docs.github.com/en/rest/creden…

With #shaihulud2 refuses to die with the long tale of infections (117 new compromised machines in the last 72 hours, most of them form @Cursor IDE), all @github has to do is disable the gho_ tokens of the super-spreaders (last 2 active spreaders are Cpreet and moh-abed).

🪱sharing more on sha1-hulud w/@sshaybbc * 2 packages == ~60% of infections * 400k unique secrets in truffleSecrets.jsons, only 2.5% verified, & the majority of those short lived JWTs for GitHub Actions! * 3/4 of impacted workloads were CI/CD, 1/4 were users 🔗below

Second part of our research on secret leaks In AI.

@brankopetric00 I would advise to go with EKS pod identity rather than IRSA.

A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited. The attack chain: - Found exposed Kubernetes dashboard (our bad) - Dashboard had view-only service account (we thought this was safe) - Service account could list secrets across all namespaces - Found AWS credentials in a secret - Used AWS credentials to access EC2 instance profile - Instance profile had full Kubernetes admin via IAM - Used kubectl to create privileged pod - Escaped to node - Root access to entire cluster What we thought we did right: - Dashboard was read-only - Secrets were encrypted at rest - Network policies were in place - Regular security updates What we missed: - Dashboard shouldn't be exposed at all - Service accounts need principle of least privilege - Secrets shouldn't contain AWS credentials (use IRSA instead) - Pod Security Policies weren't enforced - Node access wasn't hardened The fix took 2 weeks: - Removed Kubernetes dashboard entirely - Implemented IRSA for all pod AWS access - Applied strict PSPs/Pod Security Standards - Audit all RBAC permissions - Regular penetration testing Cost: $24K for the pentest Value: Prevented what could have been a catastrophic breach

@adnanthekhan At the end we need an attribution to stop this crazy attack sequence, I'd love to see more publications around the actor behaviour and to see GH doing more.

@sshaybbc I would say yes, because an unskilled actor may get privileged cloud access and not know what to do with it or fail spectacularly and get evicted even with AI. Perhaps you have better insight on any cloud incidents that resulted from S1ngularity or Shai-Hulud?

The "sophistication" of the Shai-Hulud #npm #malware is quite overblown. The attacker: - Can prompt AI (likely) - Knows how to use tools like nord-stream to dump secrets - Has basic GitHub knowledge Clever? yes. Sophisticated? No.

@adnanthekhan No cloud impact so far, but the abuse of the cloud access is an incremental evolution step that this actor seems to demonstrate with every attack. Given the likely pool of cloud creds they have now I won't be surprised...

And no AI usage this time 😉

Re- #Shai_Hulud attack - its disturbing to see the evolution of the attacker. Comparing to #s1ngularity attack, new elements added: - Worm-able nature of the exploit - Better automation of the secret scan - Bundling of the secrets for exfiltration with tojson(secrets)

@galnagli How many more #s1ngularity downstream attacks will we see in the next few months?

Another fun day in NPM

More from me on s1ngularity, the Nx supply chain attack. We @wiz_io took advantage of the break in attacker activity to break down: * overall impact * efficacy of the AI usage (not great!) * TTPs and investigation breadcrumbs we've seen to date * our work to notify victims

@0xdabbad00 We are yet to see the EFFICIENT use of AI in the payload but it's close.

This is seen in: - Amazon Q Developer extension compromise - s1ngularity - LameHug - PromptLock ransomware AI safeguards and non-determinism have limited the impact in some cases, but you can directly observe the iterations to improve in s1ngularity: wiz.io/blog/s1ngulari… 2/2

An interesting evolution in malware that occurred in roughly the past month is malware calling AI from the payload. We've seen malware and other artifacts (ex. phishing emails) as the OUTPUT of AI, but now malware is bringing the INPUT to AI. 1/2

😱Imagine waking up to see all your private github repositories were published publicly ... That's what happened overnight for >400 users/orgs and >5000 repositories s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!

@rharang @beccalunch Love the "treat it as an insider threat" takeaway.

@adnanthekhan Looking forward for a writeup, this intersection btn CICD and Agentic AI is very interesting.

GitHub resolved a submission I made for Copilot Agent. So I’ll share a teaser and maybe publish a writeup when I find time… Severity: High 🟠 Impact: 1 Click -> Steal all Repo Secrets 🔑 Bounty: $15k 💰 #bugbountytips #AgenticAI