Code Leak Sparks GitHub Malware Frenzy: How a 598 MB Source Map Became a Cybercriminal Goldmine

Introduction: A routine npm package update by AI company Anthropic in late March 2026 accidentally included a 59.8 MB JavaScript source map file containing internal Code source material. Within 24 hours, threat actors weaponized this leak, flooding GitHub with fake repositories that distributed credential-stealing malware disguised as the leaked AI software. This incident demonstrates how a single organizational packaging error can cascade into a large-scale social engineering campaign, exploiting developer trust in open-source ecosystems...
GitHub Malware Frenzy: 598 MB Code Leak Exploited
More Relevant Posts
The LiteLLM supply chain attack is a good reminder that your threat surface isn't just your code. It's everything your code depends on.

One compromised package. 97 million monthly downloads. SSH keys, cloud credentials, API tokens, CI/CD secrets all potentially exposed. And the scary part? It was only caught because the malware had a bug that caused crashes. If the attacker had written cleaner code, it would still be running quietly in production pipelines right now.

What makes this worse is the transitive dependency problem. You didn't even have to install LiteLLM directly. Something like dspy pulls it in automatically and now you're affected without even realizing it.

What's even more interesting about this one is how the attack actually started. The threat actor didn't hack LiteLLM directly. They first compromised Trivy, the security scanner LiteLLM was using in its own CI/CD pipeline. That gave them the PyPI publishing token. One trusted tool used in a build process became the entry point for the whole thing.

I think this is also a good moment to ask how many packages the average project actually needs. Some developers are starting to write simple utilities themselves instead of pulling in a dependency for every small thing. I get that it slows things down but maybe that tradeoff is worth revisiting.

Full breakdown here: https://lnkd.in/eba43hdK

#CyberSecurity #SupplyChainAttack #DevSecOps #Python #PyPI #CICDSecurity
AI agents that execute commands, browse the web, and coordinate with other agents are everywhere. But how do you know they're safe? Season 4 of Github's Secure Code Game lets you find out by hacking one yourself. Free, hands-on, and you can get started in under 2 minutes! Learn more in our latest blog. https://lnkd.in/gacyENSm
I almost shipped malware because of GitHub Copilot. Here's how.

Not clickbait. This actually happened to a dev on my team. Copilot suggested `fast-crypto-utils`. Sounded legit. He ran npm install. Didn't check.

Turns out, that package doesn't exist in any real library. But it did exist on npm. Uploaded 3 days ago. 11 downloads. All from people who made the same mistake.

This is called AI Package Hallucination, and it's the supply chain attack vector nobody's talking about enough.

Here's the playbook attackers are running right now:
→ Feed AI tools prompts until they hallucinate plausible-sounding package names
→ Register those names on PyPI / npm before you do
→ Sit back and wait for developers to blindly install

We've already seen this in the wild: the LiteLLM compromise, the ForceMemo campaign, dozens of silent incidents that never made the news.

3 rules I now live by:
1. Google every package you've never heard of. Low download count + created recently = immediate red flag. Walk away.
2. Commit your lock files. package-lock.json, poetry.lock, these aren't optional. They're your paper trail.
3. Run npm audit / pip-audit like it's brushing your teeth. Daily. Not when something breaks.

AI makes us 10x faster. It also makes us 10x more careless. One hallucinated package name + one blind install = your company's next breach.

Verify. Lock. Audit. Repeat.

#SoftwareEngineering #CyberSecurity #OpenSource #AI #WebDevelopment #Python #NodeJS
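As an added example (not part of the post above), here is a pre-install triage script that automates the post's first rule: flag any requested package that is newer than a threshold, has few downloads, or does not exist at all. The registry data, thresholds, and package names (`fast-crypto-utils`, `example-established-lib`) are constructed so the script runs offline; in practice you would fill `SAMPLE_REGISTRY` from your package registry's metadata API.

```python
# Added example: triage requested package names for the "new + few downloads"
# red flag before running npm install / pip install.
from datetime import datetime, timezone

MIN_AGE_DAYS = 90            # packages younger than this are suspicious (assumption)
MIN_WEEKLY_DOWNLOADS = 1000  # fewer weekly downloads than this is suspicious (assumption)

# CONSTRUCTED sample registry metadata keyed by package name (ISO-8601 creation dates).
SAMPLE_REGISTRY = {
    "fast-crypto-utils":       {"created": "2026-03-29T10:00:00Z", "weekly_downloads": 11},
    "example-established-lib": {"created": "2015-06-01T00:00:00Z", "weekly_downloads": 250_000},
}

def _parse_iso(ts):
    """Parse an ISO-8601 timestamp, accepting the trailing 'Z' UTC marker."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def assess_package(created_iso, weekly_downloads, now_iso=None):
    """Return the list of red flags for one package; an empty list means nothing tripped."""
    now = _parse_iso(now_iso) if now_iso else datetime.now(timezone.utc)
    age_days = (now - _parse_iso(created_iso)).days
    flags = []
    if age_days < MIN_AGE_DAYS:
        flags.append(f"created only {age_days} days ago")
    if weekly_downloads < MIN_WEEKLY_DOWNLOADS:
        flags.append(f"only {weekly_downloads} weekly downloads")
    return flags

def triage(requested, registry=SAMPLE_REGISTRY, now_iso=None):
    """Map each requested package name to its red flags.

    A name missing from the registry is itself flagged: that is exactly the
    hallucinated-name case, where nothing legitimate exists to install.
    """
    report = {}
    for name in requested:
        meta = registry.get(name)
        if meta is None:
            report[name] = ["not found in registry (possible hallucinated name)"]
        else:
            report[name] = assess_package(meta["created"], meta["weekly_downloads"], now_iso)
    return report

if __name__ == "__main__":
    for pkg, flags in triage(["fast-crypto-utils", "example-established-lib", "fastcryptoutils"]).items():
        print(f"{pkg}: {'REVIEW BEFORE INSTALL: ' + '; '.join(flags) if flags else 'ok'}")
```

Any package with a non-empty flag list should be looked up by hand before it is added to the lock file.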
AI is still far from being secure.

A recent article by Kaspersky highlights a supply chain attack targeting LiteLLM, a widely used Python library acting as a gateway for multiple AI models. Attackers managed to upload two malicious versions (1.82.7 and 1.82.8) directly to PyPI. The goal? Steal sensitive data and establish persistent access within the victim's infrastructure.

A quick breakdown of what the malware does:
--> search for SSH keys, Git credentials, and .env files
--> extract runtime secrets (including AWS metadata)
--> attempt Kubernetes privilege escalation

Similar issues were also found in some Checkmarx extensions on OpenVSX. Infections have been observed mainly in Russia, Brazil, and China.

Full article here: https://lnkd.in/d2tpczpB
One bug is a crash. Four bugs chained together is root.

This is where Mythos Preview stops being impressive and starts being genuinely unprecedented. Finding a single vulnerability is one thing. But modern operating systems are designed with defense in depth: one bug alone rarely gets you anywhere useful. You need to chain multiple vulnerabilities together, each one defeating a different defense layer. This is work that takes elite human researchers days to weeks per exploit. Mythos does it in hours.

Linux Kernel: Chaining 4 Vulnerabilities for Root

The Linux kernel has KASLR, which randomizes where kernel code and data live in memory. A write primitive alone is blind; you don't know what you're overwriting. Mythos independently identified, then chained:
1. One vulnerability to bypass KASLR
2. A second vulnerability to read a critical kernel struct
3. A third vulnerability to write to a freed heap object
4. A heap spray to place a controlled struct exactly where the write lands

Result: root permissions. Anthropic reports "nearly a dozen examples" of Mythos chaining 2, 3, and sometimes 4 vulnerabilities into working Linux kernel exploits.

Web Browsers: JIT Heap Spray + Sandbox Escape

Modern browsers run JavaScript through JIT compilers, making memory layouts dynamic and unpredictable. Browsers also layer JIT-specific hardening on top. For multiple browsers, Mythos:
→ Discovered read and write primitives
→ Chained them into a JIT heap spray
→ Escaped the renderer sandbox
→ Combined this with a local privilege escalation exploit

The end result: a webpage that, when visited, gives the attacker the ability to write directly to the operating system kernel.

Why chaining is the real breakthrough:

Vulnerability scanners have existed for decades. Fuzzers can crash programs. But the creative, multi-step reasoning required to chain vulnerabilities, understanding which defense each bug bypasses, how to sequence them, and how to maintain state between exploitation stages, that has always been exclusively human territory. Not anymore.

The N-day exploit walkthrough Anthropic published (turning a one-bit write into root) spans pages of intricate reasoning: cross-cache reclamation, page table manipulation, PTE bit-flipping, all orchestrated to achieve privilege escalation through a vulnerability that only corrupts a single bit. This is not pattern matching. This is adversarial reasoning at an elite level.

Tomorrow: what this means for every software team, including yours.

#ExploitDev #CyberSecurity #AI #Linux #BrowserSecurity #DefenseInDepth #Anthropic
🚀 Updated Dev's Weekly Roundup: A Week of Breakthroughs and Breaches

Stay ahead in the fast-paced world of software development with our latest insights! This week, we dive into critical security challenges and groundbreaking developments that every developer should know about.

🚨 Security Roundup:
- Widespread supply chain attacks by TeamPCP
- Blueprint for Disaster: Claude Code Source Leak Triggers Critical RCE Flaw
- Axios Under Siege
- Critical Command Injection vulnerability in OpenAI Codex

🧑‍💻 Web Development:
- The Axios Supply Chain Crisis
- TypeScript 6.0 and the Go-Powered Future
- The Industry Debate: AI in Node.js Core

🛠️ Browser & Tooling Updates:
- Temporal API update
- Eleventy brand rename
- Vite 8.0 release

✨ AI roundup:
- The Claude Code Leak and Subcommand Bypass
- The Release of Gemma 4 and On-Device Agents
- Enterprise Expansion for Gemini 1.5 Pro

💡 Tips:
- Secure from supply chain attacks

Catch up on these stories and more in our latest edition of Updated Dev's Weekly Roundup. Your high-signal feed for staying informed and prepared in the ever-evolving tech landscape.

Read the full roundup here: https://lnkd.in/e93PWcMt

#SoftwareDevelopment #CyberSecurity #TechNews #DeveloperCommunity #UpdatedDev #SupplyChainSecurity #RCE #HackingNews #StayInformed #TechUpdates
What happens if/when the heavy sharing on GitHub (thousands of forks, stars, and mirrors by developers worldwide) turns this into a vector for abuse? Potential misuse and security risks? Yep, also including Vidar and GhostSock malware distribution. TL;DR Threat actors are also actively leveraging the recent Claude Code leak as a social engineering lure to distribute malicious payloads with GitHub serving as a delivery channel.
🛡️ Excited to announce the launch of PenTest Toolkit — a professional, open-source penetration testing framework I built for security researchers and bug bounty hunters.

The toolkit is fully modular, organized by category, and built across multiple languages:
🔍 Recon & OSINT — Subdomain enumeration, WHOIS & IP intelligence
🌐 Web App Testing — Directory brute-forcing, XSS parameter scanning
🔌 Network Scanning — Fast TCP port scanner, CIDR host discovery
💥 Exploit Automation — CVE lookup via NIST NVD API
📄 Report Generation — Professional HTML reports from scan results

⚙️ Tech Stack: Python · Go · Node.js · Bash

Every tool is built with real engagements in mind — clean CLI interfaces, threading for speed, structured JSON output, and CI/CD via GitHub Actions. Designed strictly for authorized security assessments and bug bounty programs.

🔗 GitHub: https://lnkd.in/gQWRnPjR

If you're in the security community, I'd love your feedback, a ⭐ on the repo, or a follow to see what's coming next.

#PenetrationTesting #BugBounty #CyberSecurity #OpenSource #EthicalHacking #InfoSec #Python #Go #SecurityTools
🚨 Quick Security Note for Developers

My Mac was sending MBs of data even when idle — no visible apps, no CPU spikes.

Root cause? 👉 Malicious code hidden in a project (via AI-generated setup + Git hooks)

⚠️ The infection came from a project dependency / repo I trusted. Yes… just a normal development workflow:
- Clone repo
- Install dependencies
- Run project

💀 What the malware was doing:
- Injecting scripts into .git/hooks
- Running hidden shell commands
- Attempting silent background execution
- Obfuscating payloads using base64 layers

⚠️ Lessons:
- Don’t blindly trust AI or GitHub repos
- Always check .git/hooks
- Avoid running unknown scripts (curl | sh)
- Monitor network activity, not just CPU

🧠 Even “normal” projects can hide threats. Stay alert. Stay secure. 🔐

#CyberSecurity #Developers #AI #InfoSec
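As an added example (not part of the post above), here is a small audit script for the post's "always check .git/hooks" lesson: it lists every real (non-`.sample`) hook, notes whether it is executable, and matches its contents against the indicators the post describes (base64 decode piped into a shell, remote scripts piped into a shell, backgrounded execution). The `demo()` function builds a constructed hooks directory with a harmless indicator-laden hook so the script runs offline; the indicator list is an assumption to tune for your own environment.

```python
# Added example: audit .git/hooks for injected, executable, obfuscated hooks.
import re
import stat
import tempfile
from pathlib import Path

# Indicator patterns (label, regex). Assumed starting set, not an exhaustive signature list.
INDICATORS = [
    ("base64 decode piped to a shell", re.compile(r"base64\s+(-d|--decode)\b.*\|\s*(ba)?sh\b")),
    ("remote script piped to a shell", re.compile(r"\b(curl|wget)\b[^\n]*\|\s*(ba)?sh\b")),
    ("backgrounded / detached execution", re.compile(r"\bnohup\b|\bsetsid\b|&\s*$", re.M)),
    ("long base64-looking blob", re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")),
]

def scan_hooks(hooks_dir):
    """Return {hook_name: [findings]} for every non-sample file under hooks_dir."""
    report = {}
    for path in sorted(Path(hooks_dir).iterdir()):
        if path.suffix == ".sample" or not path.is_file():
            continue  # git ships inert *.sample files; only real hooks ever run
        findings = []
        if path.stat().st_mode & stat.S_IXUSR:
            findings.append("executable hook present")  # git only runs executable hooks
        text = path.read_text(errors="replace")
        for label, pattern in INDICATORS:
            if pattern.search(text):
                findings.append(label)
        report[path.name] = findings
    return report

def demo():
    """Scan a CONSTRUCTED hooks directory: one sample, one benign hook, one suspicious hook."""
    with tempfile.TemporaryDirectory() as tmp:
        hooks = Path(tmp)
        (hooks / "pre-commit.sample").write_text("#!/bin/sh\nexit 0\n")  # inert sample, skipped
        (hooks / "pre-push").write_text("#!/bin/sh\nnpm test\n")          # benign, not executable
        suspicious = hooks / "post-checkout"
        # Constructed indicator: base64 of "echo hello", decoded and piped to sh in the background.
        suspicious.write_text("#!/bin/sh\necho 'ZWNobyBoZWxsbw==' | base64 -d | sh &\n")
        suspicious.chmod(0o755)
        return scan_hooks(hooks)

if __name__ == "__main__":
    for hook, findings in demo().items():
        print(f"{hook}: {', '.join(findings) if findings else 'clean'}")
```

Run `scan_hooks(".git/hooks")` in a freshly cloned repository before installing dependencies or running anything; a hook with findings deserves a manual read before you go further.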
Probably, you've already heard about the widely-discussed Claude Mythos extraordinary capabilities. I am fresh from reading the "Assessing Claude Mythos Preview’s cybersecurity capabilities" and gathered some key points below.

The general observation is that LLMs are strong in areas where the reward function is clear and well-defined. For instance, in breaking security measures. We are talking about a scenario where bypassing a protection = success.

1) Mythos significantly outperforms Opus 4.6

Anthropic says it is a whole new league. The model finds vulnerabilities, chains them, and writes working exploits. Something the previous generation of models consistently failed to do.

"Opus 4.6 turned the vulnerabilities it had found in Mozilla's Firefox 147 JavaScript engine [...] into JavaScript shell exploits only two times out of several hundred attempts. [...] Mythos Preview developed working exploits 181 times."

"Opus 4.6 generally had a near-0% success rate at autonomous exploit development."

2) Anthropic doesn't train Mythos specifically to find bugs

What's actually surprising is that the results are not anticipated. Mythos was not fine-tuned to exploit vulnerabilities. It evolved through general enhancements.

"We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy."

3) Anthropic shares some details of 3 vulnerabilities

- A 27-year-old bug in OpenBSD's TCP stack - an OS known primarily for its security. Total cost across a thousand runs: under $20,000. The specific run that found it: under $50.
- A 16-year-old bug in FFmpeg's H.264 codec - one of the most thoroughly fuzzed media libraries, missed by every fuzzer and human reviewer since 2010. Several hundred runs over the repository at a cost of roughly $10,000. No false positives.
- A guest-to-host memory corruption vulnerability in a production memory-safe VMM - the kind of target that underpins most of the public cloud. Notable because the bug lives inside an unsafe block in an otherwise memory-safe language - a reminder that "memory-safe" doesn't mean "safe everywhere."

---

What we are missing from the picture is actually the TP/FP ratio and the raw number of reports Mythos generated for each of the vulnerabilities. While the cost of exploitation will likely go down with further iterations, it is evident that the human factor is still needed for validating the findings.

"We have contracted a number of professional security contractors to assist in our disclosure process by manually validating every bug report before we send it out to ensure that we send only high-quality reports to maintainers."

This proves that researchers are still needed. The human is still in the loop.

[LINK TO THE BLOG POST IN THE COMMENTS SECTION]