
[tl;dr sec] #297 - Self-Propagating NPM Malware, Securely Deploying AI Agents, China's Great Firewall Leaked

Moar backdoored NPM packages (+ how to secure GitHub Actions), agents making sensitive decisions autonomously, source code and internal docs for China's Great Firewall leaked

Hey there,

I hope you’ve been doing well!

🧑‍🚒 Endless Fire Drills

HugOps to everyone who has been on call responding to the basically weekly announcement of new massively popular open source dependencies getting backdoored.

We’ll get through this, and we’ll gradually improve the package ecosystem such that attacks like these are much more difficult to execute 🤘

Until then:

Sponsor

📣 Advanced GitHub Security Best Practices

Secrets, tokens, repos, GitHub holds it all. 

GitHub is where ideas turn into code. The GitHub Security Best Practices Cheat Sheet makes it simple to keep that code secure while teams move fast. From stronger MFA to safer workflows, learn practical steps that fit into the way your team already works.

Learn simple, actionable steps to:

  • Strengthen authentication and streamline access management

  • Protect repos and workflows with rulesets and branch protections

  • Secure CI/CD pipelines with GitHub Actions best practices

  • Confidently manage third-party integrations

Grab the cheat sheet and start securing GitHub today.


As can be seen from the Supply Chain section this week and the recent malicious dependency fire drills, GitHub security is pretty important 😅 Nice to see more hardening guidance.

AppSec

Agneyastra to the Rescue: Protecting your Firebase Projects before the Tea spills out!
RedHunt Labs’ Bhavarth Karmarkar announces Agneyastra, an open source tool that scans Firebase configurations with a simple API key to detect common misconfigurations, testing for unauthenticated access, anonymous auth bypass, and new user sign-up tokens, then produces reports with recommended secure rulesets.

WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine
PortSwigger’s Zakhar Fedotkin discusses the new version of WebSocket Turbo Intruder, a Burp Suite extension that brings high-speed fuzzing capabilities to WebSocket testing, addressing the blind spot where many testers and tools give up. Features: supports thousands of messages per second, can automate testing by integrating with existing HTTP scanners, and hides boring responses so you can focus on interesting results. It includes specialized capabilities for testing Socket.IO implementations, detecting server-side prototype pollution, and exploiting race conditions through a threaded engine that creates multiple simultaneous connections.

DOM-based Extension Clickjacking: Your Password Manager Data at Risk
Marek Toth describes a new "DOM-based Extension Clickjacking" attack that allows attackers to steal sensitive data from password managers with just a single user click on a malicious website. Testing 11 popular password managers (~40M active installations), he found all were vulnerable to techniques where attackers manipulate extension UI elements by making them invisible through JavaScript, potentially exposing credit card details, personal information, login credentials, and TOTP codes. In some scenarios, the attack can bypass passkey authentication. DEF CON 33 (2025) PDF presentation.

Sponsor

📣 Map your SaaS supply chain today

In the Salesloft Drift breach, attackers exploited OAuth grants to gain access to Salesforce instances and exfiltrate sensitive data.

This incident underscores how fragile and over-trusted today’s web of SaaS and AI integrations has become, and why organizations need to rethink how they secure it.

Nudge Security is the only SaaS security solution that alerts you of breaches impacting your 3rd and 4th party SaaS suppliers, complete with breach details and recommended actions so you can respond swiftly and limit the ripple effects.

Oof, the Salesloft Drift breach hit tons of companies; being able to respond quickly is 👌 See also Nudge’s helpful Salesloft Drift breach tracker for affected companies.

Cloud Security

AWS CloudTrail Event Cheatsheet: A Detection Engineer’s Guide to Critical API Calls
Muh. Fani Akbar shares a guide to critical AWS CloudTrail events that detection engineers should monitor across the MITRE ATT&CK framework phases. The post maps specific API calls to attacker techniques, offering practical detection queries for each attack phase, including initial access (ConsoleLogin), execution (StartInstance), persistence (CreateAccessKey), privilege escalation (CreateRole), defense evasion (StopLogging), and exfiltration (GetObject), among others.

The post organizes detection priorities into three tiers based on response urgency and includes a Critical Event Matrix with behavioral IoCs to help analysts cut through CloudTrail noise and focus on high-signal events during incident response and threat hunting.

Ghost in the Script: Impersonating Google App Script projects for stealthy persistence
TIL when an Apps Script app is deployed, a GCP Project is created on the GCP Organization the account is a part of. Exaforce’s Bleon Proko and Jakub Pavlik describe how attackers can abuse Google Workspace Apps Script projects for stealthy persistence by either hijacking legitimate Apps Script projects or creating a GCP project with the same name format ("sys-<26 numbers>"), which will not be shown in console views.

The post describes attack scenarios like cryptomining and persisting in an org by creating a service account in these hidden projects. Detection: look at the billing info of the project, enabled API services, and find impersonation attempts in the logs. They recommend setting an organization policy to block the creation of projects with IDs matching the Apps Script format.

Canary tokens: Learn all about the unsung heroes of security at Grafana Labs
Grafana Labs’ Mostafa Moradian describes how canary tokens were crucial in detecting a recent GitHub Action security incident, providing real-time alerts when an attacker validated an exfiltrated AWS API key, allowing them to contain the intrusion in minutes. The post has some great tactical tips including:

  • Precision in pinpointing: Utilize organization-level tokens for broad compromise detection and repository-level tokens to identify specific entry points.

  • Metadata is key: For quicker investigation, ensure every notification includes canary token metadata (name, location, reminder text).

  • Placement: CI/CD pipelines (dummy env variables, test jobs, secondary workflows), private code repos (config files, comments, branch-specific .env files), developer workstations and build servers (~/.aws/credentials, hidden directories), cloud accounts and consoles.

Supply Chain

ctrl/tinycolor and 40+ NPM Packages Compromised
StepSecurity’s Ashish Kurmi describes how the @ctrl/tinycolor package has been compromised alongside 40+ other NPM packages in a supply chain attack dubbed "Shai-Hulud". The malware self-propagates across maintainer packages (automatically infects downstream packages), harvests AWS/GCP/Azure credentials using TruffleHog, and establishes persistence through GitHub Actions backdoors that exfiltrate repository secrets to a command and control endpoint.

More from ReversingLabs, Socket, Wiz.

💡 DJ Khaled on compromised NPM packages.

GitHub Actions policy now supports blocking and SHA pinning actions
GitHub Actions has introduced new security features to help mitigate supply chain risks from compromised third-party actions, including the ability to explicitly block specific actions or versions (newly compromised Action → block it) and enforce SHA pinning (block mutable tags or branches).

💡 Love these security features, it’s great that GitHub is giving users more security controls. See also from last issue: immutable releases.

GitHub Actions Security: Zizmor auto-fixes for the win!
Mostafa Moradian describes how he added auto-fix capabilities for a number of vulnerabilities to zizmor, William Woodruff’s GitHub Action security scanning tool. This auto-fix capability helped Grafana Labs apply fixes across dozens of workflows and thousands of repositories (see Mostafa’s canary post in this issue).

💡 Detection is great, but fixing issues at massive scale is huge for risk reduction. And preventing classes of vulnerabilities from occurring in the first place via secure defaults in libraries, frameworks, shared security controls, etc. is 👌

GitHub Actions: A Cloudy Day for Security
Binary Security’s Sofia Lindvist discusses GitHub Actions security, focusing on protecting CI/CD pipelines against attackers with contributor access to repositories. She details critical security measures including proper branch protections (requiring pull requests with approvals and preventing stale approvals), environment-level secrets management, tag protections (preventing unauthorized releases), and preventing script injection by using environment variables instead of direct context references in workflow steps. See also Sofia’s NDC Security 2025 talk here.

“A collaborator can freely modify workflow files on unprotected branches, and there are no restrictions on which branches can access the repository secrets, so a collaborator can simply modify an existing workflow to print all secrets.”
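As an added example (not code from GitHub, zizmor, or any of the posts above), here is a small Python checker in the spirit of GitHub’s SHA-pinning policy and Sofia’s script-injection advice: it flags `uses:` references not pinned to a full commit SHA and `run:` steps that interpolate attacker-controllable event context, then confirms a hardened version of the same workflow is clean. The two sample workflows, the 40-hex-digit placeholder SHA, and the list of untrusted contexts are constructed for this example.

```python
import re

# Constructed sample workflow (not from any real project) with the two weaknesses
# discussed above: an action pinned to a mutable tag, and a run step that puts
# attacker-controllable event context straight into the shell.
WEAK_WORKFLOW = """\
on: pull_request_target
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - name: Greet
        run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
"""
# Hardened version: a full-length commit SHA (placeholder digits, not a real
# commit) and the untrusted value passed through an environment variable.
HARDENED_WORKFLOW = """\
on: pull_request_target
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4
      - name: Greet
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $PR_TITLE"
"""
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w./-]+)@(\S+)")
RUN_RE = re.compile(r"^\s*-?\s*run:\s*(.*)$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Event contexts an outside contributor controls (PR/issue title and body, comments,
# commit messages, head branch); a partial, constructed list of the common sinks.
UNTRUSTED_RE = re.compile(
    r"\$\{\{\s*github\.(event\.(issue|pull_request|comment|review|commits|head_commit)\.|head_ref)"
)

def audit_workflow(text):
    """Return sorted (line_no, finding) pairs for one workflow file."""
    findings, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        line = lines[i]
        m = USES_RE.match(line)
        if m and not SHA_RE.match(m.group(2)):  # a tag or branch, not a commit SHA
            findings.append((i + 1, "unpinned-action"))
        m = RUN_RE.match(line)
        if m:
            # Run body = rest of this line plus more-indented continuation lines (`run: |`).
            indent, start, body = len(line) - len(line.lstrip()), i + 1, [m.group(1)]
            while (i + 1 < len(lines) and lines[i + 1].strip()
                   and len(lines[i + 1]) - len(lines[i + 1].lstrip()) > indent):
                i += 1
                body.append(lines[i])
            for k, chunk in enumerate(body):
                if UNTRUSTED_RE.search(chunk):
                    findings.append((start + k, "script-injection"))
        i += 1
    return sorted(findings)
```

Local (`./path`) and `docker://` actions carry no `@ref` and are skipped; expressions inside `env:` are safe because the shell sees only the variable, never the raw value.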

Blue Team

tclahr/uac
By Thiago Canozzo Lahr: UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

CISA: Eviction Strategies Tool
CISA has released the Eviction Strategies Tool, which combines Playbook-NG (a web application for incident response) and COUN7ER (a database of over 100 post-compromise countermeasures mapped to adversary TTPs). The tool helps defenders create systematic eviction plans by matching incident findings with recommended response actions, allowing export in multiple formats (JSON, Word, Excel, markdown), and more. CISA regularly updates the COUN7ER database based on threat intelligence and internal testing.

An Attacker’s Blunder Gave Us a Look Into Their Operations
Huntress’ Jamie Levy, Lindsey O'Donnell-Welch, and Michael Tigges describe how a threat actor inadvertently installed Huntress EDR on their own machine, giving Huntress unprecedented visibility into their operations. They observed the attacker using tools like Make.com to automate workflows, searching for Evilginx instances via Censys, researching residential proxy services (LunaProxy, Nstbrowser), leveraging Google Translate to craft phishing messages, and attempting to exploit Microsoft Entra primary refresh tokens using ROADtools and Python scripts.

The threat actor’s browser history revealed extensive reconnaissance of banking institutions, cryptocurrency exchanges, and various organizations, with some 12-14 hour workdays.

Red Team

print3M/dllshimmer
By @Print3M_: a tool that weaponizes DLL hijacking by allowing attackers to backdoor any function in any DLL without disrupting normal process operation.

pwnfuzz/diffrays
By Nikhil John Thomas and Ayushman Dubey: A tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. It leverages IDA Pro and the IDA Domain API to extract pseudocode of functions and perform structured diffing between patched and unpatched binaries.

Leveraging Raw Disk Reads to Bypass EDR
Workday’s Christopher Ellis describes how to bypass EDR by leveraging raw disk reads through either a vulnerable driver or direct access to Windows disk drivers, allowing extraction of sensitive files like SAM.hive and NTDS.dit without triggering file-level detections. This technique avoids filesystem ACLs, exclusive file locks, and EDR API hooking by reading raw disk data and parsing the NTFS filesystem to extract files without ever opening a handle to the target files directly. GitHub PoC here.

Politics / Privacy

Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak
“The Great Firewall of China (GFW) experienced the largest leak of internal documents in its history on Thursday September 11, 2025. Over 500 GB of source code, work logs, and internal communication records were leaked, revealing details of the GFW’s research, development, and operations.” This page contains links to download the leaked content.

The Internet Coup: A Technical Analysis on How a Chinese Company is Exporting the Great Firewall to Autocratic Regimes
Based on a leak of more than 100,000 documents, InterSecLabs shares a 76-page PDF deep dive into how the Chinese company Geedge Networks is exporting a suite of technologies resembling China’s Great Firewall to the governments of Kazakhstan, Ethiopia, Pakistan, and Myanmar, and deploying similar systems in China.

  • Geedge Networks’ offerings enable comprehensive surveillance and censorship capabilities, empowering governments to conduct both broad-scale population monitoring and internet shutdowns, while simultaneously enabling granular surveillance of internet users and targeted blocking and censorship.

  • It allows monitoring the geographic location of mobile subscribers in real time; analyzing aggregated network traffic in specific areas, such as during a protest or event; flagging unusual traffic patterns as suspicious; creating tailored blocking rules to obstruct access to a website or application (such as a VPN or circumvention tool); assigning individual internet users reputation scores based on their online activities; and infecting users with malware through in-path injection.

  • Geedge Networks appears to be plagiarizing certain commercial products, such as Greynoise and Fortinet networking appliances. They also incorporate open-source code in ways that may violate licensing terms.

Takeaways from the AP's investigation into how Silicon Valley enabled China's digital police state
Yikes. An AP investigation found that U.S. technology companies played a far greater role in building China's surveillance state than previously known, by supporting predictive policing systems. IBM, Dell, Cisco, Intel, and Nvidia provided critical technologies that allowed Chinese authorities to track, detain, and control citizens. In 2009, IBM worked with defense contractor Huadi to design Beijing's main policing system for censorship and crackdowns, and American surveillance technologies enabled a detention campaign in Xinjiang, targeting and tracking the Uyghur population.

“Though the companies often claim they aren’t responsible for how their products are used, some directly pitched their tech as tools for Chinese police to control citizens, marketing materials from IBM, Dell, Cisco, and Seagate show.”

“Because of this technology … we have no freedom at all,” said Yang Caiying, now in exile in Japan, whose family has been trapped in an increasingly tight noose of surveillance for the past 16 years. “At the moment, it’s us Chinese that are suffering the consequences, but sooner or later, Americans and others, too, will lose their freedoms.”

AI + Security

Announcing RiskRubric
Caleb Sima announces RiskRubric, a Cloud Security Alliance-powered project that rates 40+ models across six pillars: transparency, reliability, security, privacy, safety, and reputation. For each model, they use 1,000+ reliability prompts and 200+ adversarial prompts, analyze risk indicators, and review model cards.

💡 I need to think more about the methodology and ratings, but overall I think it’s nice to have a high level TL;DR of important attributes of different models.

How to securely deploy agents that make sensitive decisions autonomously
The slides for Meta’s Joshua Saxe’s keynote at the AI Security Forum in Vegas this year. Talk thesis: AI agent security requires a novel fusion of cybersecurity, which assumes misalignment, and alignment, which maximizes p(aligned). The talk has some nice historical context, compares traditional security to AI agent security, and discusses a four-part security model for defending AI agents: security-aware AI agents, risk reduction guardrails, deterministic controls, and detection and response. Come for the Clippy memes, stay for the knowledge.

💡 If you care about AI + security and don’t already follow Joshua, you’re missing out.

How Burp AI Works
Friend of the newsletter Parsia Hakimian shows how Burp AI works internally by showing how to proxy its traffic to ai.portswigger.net via a dual-Burp proxy configuration (yo dawg, I heard you like proxies, so I proxied your proxy…). Parsia analyzes three features: Explore Issue, Explain This, and AI Recorded Login, showing Burp’s prompts, its JSON requests and responses, and how Burp implements "agentic behavior" where the AI can instruct Burp to perform actions like sending requests or clicking UI elements. Note that Burp never sends credentials to the AI service.

In case you missed it, here’s my interview with PortSwigger founder Daf Stuttard and Director of Research James Kettle when they were launching Burp AI, which features some super cool demos!

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler