
SANS Stormcast Thursday, May 21st, 2026: GitHub Breach; Agentic Threat Intel Feed; NGINX Vuln; YellowKey Fix; Incomplete SonicWall Patch
Hello and welcome to the Thursday, May 21, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida, and this episode is brought to you by the SANS.edu Graduate Certificate Program in Cyber Defense Operations. Well, today I can't help it but to continue to talk about supply chain issues. And the first one here is a breach of GitHub.

I usually don't talk about breaches, as I mentioned before, but this has sort of an important impact to, of course, everybody using GitHub, and well, that's pretty much everybody probably listening to this podcast, even if you're not personally a user of GitHub. A pretty large percentage, I have no idea what percentage, but it's very large, of open source software is maintained via GitHub. Now, while these of course are often public GitHub repositories, any modifications of course to these repositories would be devastating. At this point, there is no indication that anything other than GitHub's own internal repositories leaked. They're talking about something like 3,800 different repositories, which sounds about right for a company the size of GitHub. Of course, the second question is what leaked with all of those repositories? What kind of secrets, what kind of source code, what kind of maybe issues, talking about bugs and security vulnerabilities, have leaked here? GitHub promised more details as the investigation evolves, but at this point it appears that the root cause was, well, an individual developer using a malicious Visual Studio Code extension.

Agnostic, a company that focuses on securing agentic AI, has open sourced their own database of VSX extensions, skills and, well, also MCP. These databases that they're publishing here are essentially scanned with multiple tools in order to figure out how likely a particular Visual Studio Code extension is malicious. So definitely something that you can use. They published an API as well, and the data is free to use. Just don't scrape their page, instead just use their API. And if you don't know how to use an API, well, your AI agent may be able to figure it out for you.

And AI tools continue to be used to find vulnerabilities. The latest here is an announcement by Nebula Security that they found another vulnerability in nginx. Now this they call nginx Pool Slip, and it's a remote code execution vulnerability. Apparently it does work with ASLR enabled, and they're giving 30 days until they will release an exploit. No additional details at this point. There was also a second vulnerability that was announced by nginx, or F5, the company behind nginx. That one only affects very specific configurations with the JavaScript modules enabled, and that of course significantly increases also the attack surface of nginx. So keep nginx updated. No word yet when exactly a patch will be released, but for the nginx Pool Slip vulnerability we shouldn't see an exploit, at least by Nebula, until 30 days after the patch is released.

And Microsoft published a mitigation for the BitLocker security feature bypass vulnerability, also known as YellowKey, that came out last week and essentially allows anybody to reboot a system that is protected by BitLocker without locking the disk, and with that mounting the disk to an arbitrary boot operating system. Now, this workaround, and that's what it really sort of is, is not all that trivial to implement. Sort of reading the instructions here, you have to enter a PIN then, you know, on reboot in order to activate this workaround. It's easier to do if you're not yet encrypted. So definitely for new systems that you're configuring, this is definitely something that you probably should add sort of to your setup scripts until sort of the final fix is released, well, hopefully with the next Patch Tuesday.

And SonicWall is warning that they're seeing exploitation of a vulnerability that they originally patched in January, but, well, many organizations haven't fully deployed the patch. The problem here is that it's not sufficient to just update the operating system, it's just through the firmware upgrade. Instead, you must also update the LDAP configuration. That's a little bit more of a manual process. They're walking you through it in the advisory, so definitely double check that you applied this patch correctly.

Well, and this is it for today. So thanks for listening, thanks for liking, thanks for recommending. Thanks for letting me know what content you liked or didn't like in any particular episode, and talk to you again tomorrow. Bye.
Episode Date: May 21, 2026
Host: Johannes B. Ullrich
Main Topics: GitHub Breach, Agentic Threat Intel Feed Launch, NGINX Vulnerability, BitLocker 'YellowKey' Fix, Incomplete SonicWall Patch
In this episode, Johannes Ullrich provides a concise and highly relevant briefing on the latest network security developments, with a particular focus on high-impact supply chain and software vulnerabilities influencing a broad swath of the cybersecurity landscape. Key news covers a significant GitHub breach via a malicious VS Code extension, new threat intelligence offerings for agentic AI, a major remote code execution flaw in nginx, Microsoft's mitigation for BitLocker’s ‘YellowKey’ bypass, and warnings about an incomplete SonicWall patch.
[00:04–01:51]
“Any modifications of course to these repositories would be devastating.”
— Johannes B. Ullrich [00:54]
[01:51–02:22]
“They published an API as well and the data is free to use. Just don’t scrape their page, instead just use their API. And if you don’t know how to use an API, well, your AI agent may be able to figure it out for you.”
— Johannes B. Ullrich [02:07]
[02:22–02:57]
“For the nginx Pool Slip vulnerability we shouldn't see an exploit, at least by Nebula. And 30 days after the patch is released…”
— Johannes B. Ullrich [02:40]
[02:57–03:49]
“It’s easier to do if you’re not yet encrypted. So definitely for new systems that you’re configuring, this is something that you probably should add to your setup scripts until the final fix is released.”
— Johannes B. Ullrich [03:31]
[03:49–04:20]
“It’s not sufficient to just update the operating system, it’s just through the firmware upgrade. Instead you must also update the LDAP configuration. That’s a little bit of more manual process.”
— Johannes B. Ullrich [04:00]
This episode provides a succinct yet thorough rundown of today’s most urgent cybersecurity news, blending practical advice with warnings and insights for defenders, IT pros, and security leaders.