🚨 Mini Shai-Hulud/Miasma has now spread to PyPI.
Socket found 37 malicious artifacts across 19 PyPI packages.
The packages abuse #Python .pth startup behavior to launch a Bun-powered credential stealer targeting developer, cloud, and CI/CD secrets.
https://t.co/tYhmMqvjyw
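The .pth startup behavior the post refers to, as an added example (not Socket's code and not the malware): site.py processes every *.pth file in a site directory at interpreter start, and any line beginning with "import " is exec()'d as Python while every other non-comment line is appended to sys.path. The scanner below lists lines that would execute that way; the sample .pth files and the stager-shaped line are constructed for this example.

```python
"""Scan .pth files for lines that site.py executes at interpreter startup.

Added example, not code from Socket or from the malicious packages. The demo
files built by build_demo_dir() are constructed and never executed here.
"""
import re
import site
import tempfile
from pathlib import Path

# site.py's own rule: a .pth line starting with "import " (or "import\t") is
# exec()'d; every other non-comment line is treated as a sys.path entry.
IMPORT_PREFIXES = ("import ", "import\t")

# The common benign shape of an import line, e.g. "import _virtualenv".
PLAIN_IMPORT = re.compile(r"^import\s+[\w.]+(\s*,\s*[\w.]+)*\s*$")


def scan_pth_file(path: Path) -> list:
    """Return one finding per line that site.py would execute as code."""
    findings = []
    for lineno, raw in enumerate(path.read_text(errors="replace").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or not line.startswith(IMPORT_PREFIXES):
            continue  # blank, comment, or plain sys.path entry: never executed
        # A bare module import is still a startup hook, but it is the form
        # editable installs and virtualenv use; anything else is executable code
        # smuggled past the "import" prefix and deserves a look.
        severity = "info" if PLAIN_IMPORT.match(line) else "high"
        findings.append({"file": str(path), "line": lineno,
                         "severity": severity, "text": line[:160]})
    return findings


def scan_site_dirs(dirs) -> list:
    """Scan every *.pth in the given directories (sorted for stable output)."""
    out = []
    for d in map(Path, dirs):
        if d.is_dir():
            for pth in sorted(d.glob("*.pth")):
                out.extend(scan_pth_file(pth))
    return out


def default_site_dirs() -> list:
    """The directories site.py actually reads for this interpreter."""
    return list(site.getsitepackages()) + [site.getusersitepackages()]


def build_demo_dir() -> Path:
    """Constructed sample .pth files (not real package artifacts)."""
    d = Path(tempfile.mkdtemp(prefix="pth-demo-"))
    # editable install: path entries only, nothing executed
    (d / "editable_pkg.pth").write_text("/home/dev/src/mypkg\n# comment\n")
    # virtualenv's hook: a plain import, the benign form
    (d / "_virtualenv.pth").write_text("import _virtualenv\n")
    # hypothetical stager-shaped line: code after the "import" prefix
    (d / "zz_loader.pth").write_text(
        "import sys; __import__('subprocess').Popen(['/tmp/.cache/bun', "
        "'run', '/tmp/.cache/stage.js'])\n"
    )
    return d


if __name__ == "__main__":
    for f in scan_site_dirs(default_site_dirs()):
        print(f"[{f['severity']}] {f['file']}:{f['line']}: {f['text']}")
```

Run it with no arguments to list the hooks present in the current interpreter's site directories; a "high" finding in a directory you do not recognise is worth comparing against the installing package's RECORD file.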
A decoy fires only when someone accesses a resource no legitimate user would touch. Plant tripwires across network, identity, data, and AI agent configs to create asymmetry in your security architecture.
https://t.co/mqWcwtOVzG
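The tripwire idea above as detection logic, added here as an example (not the post author's tooling): one canary per layer (network, identity, data, AI agent config), an allowlist for the one actor that is supposed to touch them, and a scan over log lines. Every canary value and every log line below is constructed for the example; the log format is a hypothetical "timestamp source actor message" layout.

```python
"""Canary tripwires across layers, scanned against constructed log lines.

Added example; the canary values, actors and log lines are all made up.
"""
import re

# One tripwire per layer. Each value is unique and referenced by no real
# system, so any appearance in telemetry is an alert by definition.
CANARIES = {
    "network":  "backup-vault-07.corp.example",            # DNS name with no host
    "identity": "svc-legacy-migration",                    # dormant user, no policies
    "data":     "s3://corp-archive/hr/payroll_2019.xlsx",  # object nobody needs
    "ai_agent": "sk-canary-7f3a92c1",                      # fake key in agent config
}

# Actors allowed to touch canaries (the tool that plants them, for instance).
ALLOWLIST = {"canary-deployer"}

# Hypothetical normalised log layout: "<ts> <source> <actor> <message...>"
LINE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<actor>\S+) (?P<msg>.*)$")


def check_line(line: str):
    """Return an alert dict if the line touches a canary, else None."""
    m = LINE.match(line)
    if not m or m["actor"] in ALLOWLIST:
        return None
    # The identity canary shows up as the actor, the others in the message.
    haystack = f"{m['actor']} {m['msg']}"
    for layer, token in CANARIES.items():
        if token in haystack:
            return {"ts": m["ts"], "layer": layer, "source": m["source"],
                    "actor": m["actor"], "token": token}
    return None


def scan(lines) -> list:
    return [a for a in map(check_line, lines) if a]


# Constructed sample telemetry from four different log sources.
SAMPLE_LOG = [
    "2025-01-10T09:01:03Z dns-resolver 10.0.4.21 query A www.corp.example",
    "2025-01-10T09:01:07Z dns-resolver 10.0.4.21 query A backup-vault-07.corp.example",
    "2025-01-10T09:02:11Z cloudtrail svc-legacy-migration GetCallerIdentity from 203.0.113.9",
    "2025-01-10T09:03:40Z s3-access alice GetObject s3://corp-archive/hr/payroll_2019.xlsx",
    "2025-01-10T09:04:02Z agent-runner canary-deployer wrote config with key sk-canary-7f3a92c1",
    "2025-01-10T09:05:55Z api-gateway 198.51.100.7 auth attempt with key sk-canary-7f3a92c1",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert['ts']} TRIPWIRE[{alert['layer']}] {alert['actor']} via {alert['source']}")
```

The asymmetry is in the false-positive rate: because no legitimate workflow references these values, there is no tuning to do, and the only suppression needed is for the actor that deploys them.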
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux.
It checks developer machines for risky packages, extensions, and AI tool configs.
Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges.
https://t.co/FOaWnF1yQy
GitHub’s report today confirms that the compromised Nx Console extension was used as the initial access vector in this attack.
This is a difficult thing to read as the CEO of Nx, and I want to be direct about it: we take responsibility for the role our software played in this incident.
I’m grateful to the GitHub, Microsoft, and independent security teams that moved quickly to investigate, contain, and share information publicly.
This incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers think about securing developer tooling and open source distribution. We are already making major changes to our publishing, automation, and extension security posture, and we’ll continue sharing those changes publicly as we implement them.
We’re also beginning conversations with other high-profile open source maintainers about how we can work together on some of the deeper structural problems around software supply chain security. A lot of the assumptions the ecosystem has operated under for years no longer hold.
Our focus right now is supporting affected users, hardening Nx, and helping push the broader ecosystem toward stronger supply chain security practices.
Updates and guidance:
https://t.co/szBoQ3doaX
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
2/ Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
🚨 Latest from today's Shai Hulud campaign -
The JFrog Security Research team has identified more malicious packages in this campaign which are being published with a hidden payload - hosted directly on GitHub instead of npm! 🧵
Everyone is tweeting out "use pnpm & set a minimumReleaseAge of 7 days"
but don't forget blockExoticSubdeps - which would also prevent the usage of a remote github reference here!
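Both of the last two posts turn on the same thing: a dependency specifier that resolves somewhere other than the registry (a GitHub-hosted payload, a remote git reference). Added here as an example, and not code from JFrog, pnpm or the post author, is a manifest scanner that classifies npm specifiers by where they resolve, so a CI check can refuse exotic specifiers in package.json the way pnpm's blockExoticSubdeps refuses them for transitive dependencies at resolution time. It assumes the npm specifier grammar; the package.json below is constructed.

```python
"""Classify npm dependency specifiers and list the ones that bypass the registry.

Added example, not the JFrog or pnpm authors' code. The manifest is constructed.
"""
import json
import re

# Specifier prefixes npm resolves via git or a remote tarball rather than the registry.
GIT_PREFIXES = ("git+", "git://", "ssh://", "github:", "gitlab:", "bitbucket:", "gist:")
URL_PREFIXES = ("http://", "https://")
LOCAL_PREFIXES = ("file:", "link:", "workspace:")
# GitHub shorthand "user/repo" or "user/repo#ref"; semver ranges never contain "/".
SHORTHAND = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(#\S*)?$")

SECTIONS = ("dependencies", "devDependencies", "optionalDependencies",
            "peerDependencies", "overrides")


def classify(spec: str) -> str:
    """Where a specifier resolves: registry, git, tarball-url or local."""
    s = spec.strip()
    if s.startswith(GIT_PREFIXES) or SHORTHAND.match(s):
        return "git"
    if s.startswith(URL_PREFIXES):
        return "tarball-url"
    if s.startswith(LOCAL_PREFIXES):
        return "local"
    return "registry"  # semver ranges, dist-tags, and "npm:" aliases


def find_exotic(package_json_text: str) -> list:
    """Every non-registry specifier in the manifest, overrides included."""
    pkg = json.loads(package_json_text)
    hits = []

    def walk(section, name, spec):
        if isinstance(spec, dict):  # nested overrides: {"glob": {"minimatch": ...}}
            for child, child_spec in spec.items():
                walk(section, f"{name}>{child}", child_spec)
            return
        kind = classify(str(spec))
        if kind != "registry":
            hits.append({"section": section, "name": name, "spec": spec, "kind": kind})

    for section in SECTIONS:
        for name, spec in pkg.get(section, {}).items():
            walk(section, name, spec)
    return hits


# Constructed manifest mixing registry, shorthand, git, tarball and workspace specs.
SAMPLE_MANIFEST = json.dumps({
    "name": "demo-app",
    "dependencies": {
        "lodash": "^4.17.21",
        "left-pad": "github:someuser/left-pad#2d1f0c3",
        "fast-util": "someuser/fast-util",
        "colors-helper": "https://cdn.example.invalid/colors-helper-1.0.0.tgz",
        "string-width-alias": "npm:string-width@^5",
    },
    "devDependencies": {"jest": "~29.7.0", "internal-lint": "workspace:*"},
    "overrides": {"glob": {"minimatch": "git+https://github.com/someuser/minimatch.git"}},
})

if __name__ == "__main__":
    for h in find_exotic(SAMPLE_MANIFEST):
        print(f"{h['section']}: {h['name']} -> {h['spec']} [{h['kind']}]")
```

This only sees the top-level manifest, which is why the pnpm setting matters: a transitive dependency can carry a git or tarball specifier that never appears in your package.json, and only the resolver sees it. Whether "local" (workspace:, file:) counts as exotic is a policy decision for the caller; in a monorepo it is expected.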
Pwning AI Code Interpreters in AWS Bedrock AgentCore
Kinnaird McQuade
AWS Bedrock’s Code Interpreter sandbox claimed network isolation — but DNS leaked. Kinnaird built a DNS C2: inbound commands hidden in A-record octets (each octet encodes base64 ASCII), and the interpreter exfiltrates output via queries to crafted DNS subdomains, resulting in a fully interactive reverse shell from the sandbox.
Why it matters:
- DNS can be a covert channel — allowing DNS makes network isolation porous.
- If the interpreter’s IAM role can access S3, a malicious CSV + DNS C2 can let attackers read/write S3.
- AWS acknowledged the finding, didn’t patch, and updated docs to say “sandbox mode allows DNS resolution.”
PoC is open-sourced — a concrete exploit, not just theory. Takeaway: explicitly control DNS/egress and tighten execution-role permissions.
First mentioned in AWS Security Digest Issue #253: https://t.co/w7ED3BwfiC
Read here: https://t.co/YQU0CJ0yJ5
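The two halves of the covert channel described above, as an added example that is not Kinnaird McQuade's PoC and does no network I/O: commands packed into A-record octets (one base64 ASCII byte per octet, as the summary states) and output carried in the labels of a query name. Using base32 for the outbound labels is this example's own choice, since DNS names are case-insensitive and a case-sensitive alphabet would be lossy; the zone name, command and output are constructed. A heuristic that a resolver log check could apply is included so the detection side is shown next to the encoding.

```python
"""DNS as a command and exfiltration channel: encoding, decoding, and a detector.

Added example, not the published PoC. No packets are sent; everything below is
string and byte manipulation over constructed inputs.
"""
import base64
import math
from collections import Counter

LABEL_MAX = 63   # RFC 1035 label limit
NAME_MAX = 253   # practical qname limit
LABELS_PER_QUERY = 3


# ---- inbound: command hidden in A-record answers ---------------------------
def command_to_a_records(cmd: str) -> list:
    """Each IPv4 answer carries four base64 ASCII bytes; 0 octets pad the tail."""
    data = base64.b64encode(cmd.encode()).decode("ascii").encode("ascii")
    data += b"\x00" * ((-len(data)) % 4)
    return [".".join(str(b) for b in data[i:i + 4]) for i in range(0, len(data), 4)]


def a_records_to_command(records) -> str:
    """What the sandbox side does with the answers it receives."""
    raw = bytes(int(o) for r in records for o in r.split("."))
    return base64.b64decode(raw.rstrip(b"\x00")).decode()


# ---- outbound: output smuggled in query labels -----------------------------
def output_to_queries(output: str, zone: str) -> list:
    """Split base32 output into names of the form <seq>.<label>[.<label>...].<zone>."""
    assert len(zone) <= NAME_MAX - (LABELS_PER_QUERY * (LABEL_MAX + 1) + 5)
    data = base64.b32encode(output.encode()).decode("ascii").rstrip("=").lower()
    per_query = LABEL_MAX * LABELS_PER_QUERY
    names = []
    for seq, start in enumerate(range(0, len(data), per_query)):
        chunk = data[start:start + per_query]
        labels = [chunk[j:j + LABEL_MAX] for j in range(0, len(chunk), LABEL_MAX)]
        names.append(".".join([str(seq), *labels, zone]))
    return names


def queries_to_output(names, zone: str) -> str:
    """What the attacker's authoritative server reassembles from its query log."""
    parts = {}
    for n in names:
        assert n.endswith("." + zone)
        labels = n[: -len(zone) - 1].split(".")
        parts[int(labels[0])] = "".join(labels[1:])
    data = "".join(parts[i] for i in sorted(parts)).upper()
    data += "=" * ((-len(data)) % 8)  # restore base32 padding
    return base64.b32decode(data).decode()


# ---- detection heuristic for resolver logs ---------------------------------
def _entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0


def flag_query(name: str) -> bool:
    """True for names shaped like tunnel traffic: long or many high-entropy labels.

    Treats the last two labels as the zone. CDN and anti-spam names can trip
    this too, so it belongs in a triage queue, not an auto-block rule.
    """
    labels = name.rstrip(".").split(".")
    payload = "".join(labels[:-2])
    longest = max(len(l) for l in labels)
    return longest >= 32 or len(name) > 150 or (len(labels) > 4 and _entropy(payload) > 3.5)
```

Blocking this at the source means denying DNS resolution for the sandbox outright, or pointing it at a resolver that only answers for an allowlisted set of zones; without that, the IAM role attached to the interpreter is the only boundary left, which is the post's second point.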
Managing API keys is one of the top security concerns we hear from customers.
Today we’re introducing keyless auth for Claude Platform: authenticate via browser with the CLI, or let workloads use their existing cloud identity (AWS, GCP, Azure, or any OIDC token provider).
Mandatory human-in-the-loop is a cybersecurity cop-out. People are giving agents more and more autonomy. We need solutions that accept that world because there is no stopping it.
It's like telling people in the 90s to not use the internet to avoid getting hacked. Good luck.
We've released a new 5-point action plan for strengthening cyber defense.
AI is reshaping cybersecurity. The same capabilities that help defenders may be used by malicious actors.
One approach is to treat these systems as too dangerous for broad defensive use and limit them to a very small number of approved partners.
We think that misses the central challenge. Attackers won’t wait. Existing models are already useful for many cyber workflows and capabilities will keep advancing. Criminal groups will adopt whatever tools are available.
The best way to reduce national risk is to responsibly equip and accelerate trusted defenders faster than adversaries can adapt. Check out our plan ⬇️
https://t.co/pcV0XAWx1q