A

New supply chain attack steals more than 3,000 secrets from GitHub hijacked GitHub credentials behind massive sales loft breach ChatGPT just as vulnerable as humans are to being manipulated and hackers are impressed by popular restaurants commitment to terrible security practices this is Cybersecurity Today and I'm your host David Shipley coming to you from beautiful San Diego. Let's dig into the latest GetGuardian has discovered a new supply chain attack they're calling the Ghost Action Campaign. It infiltrated more than 800 GitHub repositories across 327 users. Attackers slipped malicious GitHub Actions workflows into projects starting with the fast UUID library and used them to steal over 3,300 secrets. Those secrets included PyPi, npm and Docker Hub tokens, all funneled to an attacker controlled server. The good news is the attack was caught quickly. On September 5, GitGuardian raised the alarm and by noon PYPI had locked the affected project and the malicious commit was rolled back. There is no sign that tainted packages were uploaded during that window, but the problem went further. GitGuardian found similar malicious workflows in at least six other public and nearly 10 private repositories, all pointing to the same endpoint. The company created issues in more than 570 affected repos and alerted GitHub, NPM and the PYPI security teams. Monitoring continues to ensure stolen credentials aren't abused. This is just the latest string of attacks on developer environments, tools and processes so far this year. In July, attackers compromised top total's GitHub organization, pushing malicious NPM packages downloaded thousands of times before they were taken down. And around the same time, a zero day and open vsx, the extension marketplace for VS code derivatives, put millions of developers at risk before it was patched. And in August, a Chromium sandbox escape flaw, CVE 20254609 exposed about 1.5 million developers to risk through electron based IDEs. The lesson here? It's not just finished software packages that are under attack looking for vulnerabilities. The entire software development ecosystem, from build tools to workflows, is a increasingly prime target. Protecting these environments, hardening these processes is critical to defending the modern software supply chain. And on that note, Mandiant is providing new insights into the massive Salesloft breach, which has led to compromises for major cybersecurity and SaaS firms, Salesforce CRMs and potentially hundreds of other victims. What we're learning today is that In March through June 2025, the threat actor accessed SalesLoft's GitHub account. With this access, the threat actor was able to download content from multiple repositories and add a guest user, as well as establish workflows. The investigators noted that the attacker had done reconnaissance activities between March and June in the Sales Loft and Drift application environments, but their analysis has found no evidence beyond limited reconnaissance related to the Sales Loft application environments itself. The threat actor then accessed Drift's AWS environment and obtained OAuth tokens for Drift customers technology integrations. They then used those stolen OAuth tokens to access data from clients via any integrations they'd done with Drift. Sunday's update from Salesloft and Mandiant comes as SaaS giant Workiva becomes the latest to announce a breach of their customer information via their CRM. Attackers stole business contact information including names, email addresses, phone numbers and support ticket data. Importantly, Workiva stressed that its own SaaS platform and customer tenant were not impacted. Customers have been warned to watch for the inevitable increase in phishing attempts that will follow. The disclosure from Workiva comes just weeks after another announcement by HR and finance software giant Workday. In mid August Workday attackers used social engineering to trick its staff into granting access to its third party CRM. Like Workiva, the stolen data included only business information that was in the CRM. There was no sign that internal customer tenants or the core Workday platform were touched by attackers. What ties these incidents together is their place in this larger summer of Salesforce related attacks. These attacks are exploiting social engineering, targeting humans as well as finding holes in systems and integrations in order to access the data in the popular CRM. The extortion group Shiny Hunters and others have been targeting CRM systems using OAuth application abuse and impersonation tactics. These campaigns hit big name organizations around the world Google, Cisco, Adidas, Dior, Louis Vuitton and more. Now social engineering has always been part of the cybersecurity threat landscape, but what's different today is the speed and sophistication with which criminals are outpacing defenders. Attackers are combining stolen contact information with well crafted AI phishing or vishing campaigns that are far more convincing than the past. By exploiting trusted SaaS integrations, they move quickly from stealing basic contact details to to launching more targeted attacks. Organizations need to make sure they don't just secure their own platforms. They have to harden the trust connections with third party SaaS providers and that means tightening identity verification, monitoring OAuth activity and preparing employees to be vigilant and skeptical of unexpected requests, even if they appear to come from trusted systems. What has the hair on the back of my neck standing up is that a number of big brands throughout these breach announcements, particularly tech and cybersecurity companies like Cloudflare and Zscaler, are disclosing that attackers took support ticket information that in some cases included sensitive credentials. You heard that right. Take Cloudflare. Investigators found that support tickets accessed via the compromise Salesforce Drift AI integration included not only names and contact info, but also API tokens, logs, and even more worrisome some cases, passwords that customers had shared through support ticket requests. Bottom line, attackers are innovating faster in social engineering, finding new attack paths via supply chain and defenders have to catch up or risk watching this CRM summer of pain get even worse. Speaking of social engineering and psychological manipulation, a new preprint study out of the University of Pennsylvania claims that large language model chatbots such as GPT4 can be surprisingly easy to manipulate through psychological tactics. Researchers created prompts using techniques like authority, commitment, liking, social proof and scarcity and tested the model with two forbidden requests, insulting the user and providing instructions for synthesizing lidocaine. These persuasion based prompts dramatically increase the AI's rule breaking compliance rates. For example, the authority prompt boosted compliance with the lidocaine request from 4.7% to 95.2% and the commitment technique raised compliance to 100% from almost none. What stands out isn't that AI can be tricked. That's long been understood. Rather, this study shows that criminals are innovating faster in social engineering against AI safeguards. Just as with human targets, these models mirror persuasive cues embedded in their training data. Operating with what research call parahuman behaviors, these findings underscore a growing reality. Even well intentioned guardrails can be bypassed with clever prompting grounded in social psychology. It's a call to action for AI developers and security teams. Guardrails must become more robust, not just technically enforced, but psychologically aware. And now is the time to be engaging at a far deeper level with the social science community. The next generation of AI threat vectors. It's not just technical, it's psychological. This is the kind of story that gives senior executives and their PR teams some serious upset stomachs and indigestion. And it was so well written by Mark Tyson At Tom's Hardware, ethical hackers Bob dehacker and Bob the Shoplifter have unearthed what they've dubbed, quote, catastrophic vulnerabilities. End quote. In the digital platforms of Restaurant Brands International. Yes, the parent company behind Burger King, Tim Hortons and Popeyes. They were so easy to hack, one irony laced researcher quipped. The systems were about as solid as a paper whopper wrapped in the rain across all three brands. Assistant Platform Domains Imagine assistant.bk.com, assistant.tim hortons.com and assistant.popeyes.com the flaws rolled out the red carpet. The researchers could create accounts thanks to a forgot to disable Signups API, bypass email verification entirely via the GraphQL introspection and use a create token mutation to elevate themselves to admin to access the systems. And if that doesn't make you do a double take. Passwords were also hard coded in the HTML, including an admin password buried in the drive thru tablet interfaces. Yes, admin in plain sight in the code for the cherry on top. The duo could listen in on live drive thru conversations, including ones containing personal data, because RBI funneled those recordings to AI systems for analysis. If customer privacy wasn't already toast, that sealed the deal. Despite acting responsibly and disclosing the issues, the ethical hackers say they received no acknowledgement from Restaurants Brand International and capped the report with quote Wendy's is better, end quote. But this won't be the only bite on this particular pain sandwich. One can just hear the privacy commissioners and regulators unwrapping their next tasty investigation, which for Tim Hortons comes just three years after the last regulator. Stern talking to for a creepy tracking portion of its mobile app. That's Cybersecurity today for Monday, September 8th. If you missed last weekend's in depth interview with ESET researchers who built an AI to turn CVE documentation into workable exploits in under 15 minutes for less than a dollar, Jim did a great job following the story we covered on a Monday morning segment. As always, stay skeptical and stay patched. Please help us spread the word about the show. Like subscribe, leave a review and if you enjoy the show, tell others we'd love to grow our audience and we need your help. I've been your host David Shipley, Jim Love will be back on Wednesday.