Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
New supply chain attack steals more than 3000 secrets from GitHub. Hijacked
GitHub credentials behind massive SalesLoft breach.
ChatGPT just as vulnerable as humans are to being manipulated.
And hackers are impressed by popular restaurants' commitment
to terrible security practices.
(00:22):
This is Cybersecurity Today, and I'm your host, David Shipley, coming
to you from beautiful San Diego.
Let's dig into the latest.
GitGuardian has discovered a new supply chain attack
they're calling the GhostAction campaign.
It infiltrated more than 800 GitHub repositories across 327 users.
(00:44):
Attackers slipped malicious GitHub Actions workflows into projects, starting
with the FastUUID library, and used them to steal over 3,300 secrets.
Those secrets included PyPI, npm, and Docker Hub tokens, all funneled
to an attacker-controlled server.
The good news is the attack was caught quickly.
(01:06):
On September 5th, GitGuardian raised the alarm, and by noon PyPI had
locked the affected project and the malicious commit was rolled back.
There is no sign that tainted packages were uploaded during that window.
But the problem went further.
GitGuardian found similar malicious workflows in at least six other public
(01:26):
and nearly 10 private repositories, all pointing to the same endpoint.
The company created issues in more than 570 affected repos and
alerted GitHub, npm, and the PyPI
security teams.
Monitoring continues to ensure stolen credentials aren't abused.
This is just the latest string of attacks on developer environments,
(01:48):
tools, and processes so far this year.
In July, attackers compromised Toptal's
GitHub organization, pushing malicious npm packages downloaded thousands of
times before they were taken down, and around the same time, a zero-day in Open
VSX, the extension marketplace for VS
Code derivatives, put millions of developers at risk before it was patched.
(02:12):
And in August, a Chromium sandbox escape flaw, CVE-2025-4609, exposed
about 1.5 million developers to risk through Electron-based IDEs.
The lesson here:
it's not just finished software packages that are under attack
looking for vulnerabilities.
(02:33):
The entire software development ecosystem, from build tools to workflows,
is an increasingly prime target.
Protecting these environments, hardening these processes is critical to defending
the modern software supply chain.
And on that note, Mandiant is providing new insights into the massive
(02:56):
SalesLoft breach, which has led to compromises for major cybersecurity
and SaaS firms, Salesforce CRMs, and potentially hundreds of other victims.
What we're learning today is that in March through June 2025, the threat
actor accessed SalesLoft's GitHub account.
(03:16):
With this access, the threat actor was able to download content from
multiple repositories and add a guest user as well as establish workflows.
The investigators noted that the attacker had done reconnaissance
activities between March and June in the SalesLoft and Drift application
environments, but their analysis has found no evidence beyond limited
(03:38):
reconnaissance related to the SalesLoft application environments itself.
The threat actor then accessed Drift's AWS environment and obtained OAuth tokens for
Drift customers' technology integrations.
They then used those stolen OAuth tokens to access data from clients
via any integrations they've done with Drift. Sunday's update from SalesLoft
(04:03):
and Mandiant comes as SaaS giant
Workiva becomes the latest to announce a breach of their
customer information via their CRM.
Attackers stole business contact information, including names,
email addresses, phone numbers, and support ticket data.
Importantly, Workiva stressed that its own SaaS platform and
customer tenant were not impacted.
(04:26):
Customers have been warned to watch for the inevitable increase in
phishing attempts that will follow.
The disclosure from Workiva comes just weeks after another announcement
by HR and finance software
giant Workday. In mid-August, Workday attackers used social engineering
to trick its staff into granting access to its third-party CRM.
(04:48):
Like Workiva, the stolen data included only business
information that was in the CRM.
There was no sign that internal customer tenants or the core Workday
platform were touched by attackers.
What ties these incidents together is their place in this larger summer
of Salesforce-related attacks.
These attacks are exploiting social engineering, targeting humans, as
(05:11):
well as finding holes in systems and integrations in order to
access the data in the popular CRM.
The extortion group ShinyHunters and others have been targeting CRM
systems using OAuth application abuse and impersonation tactics.
These campaigns hit big-name organizations around the world:
Google, Cisco, Adidas, Dior, Louis Vuitton, and more.
(05:36):
Now, social engineering has always been part of the cybersecurity threat
landscape, but what's different today is the speed and sophistication with
which criminals are outpacing defenders.
Attackers are combining stolen contact information with well-crafted AI
phishing or vishing campaigns that are far more convincing than the past.
By exploiting trusted SaaS integrations, they move quickly from
(05:59):
stealing basic contact details to launching more targeted attacks.
Organizations need to make sure they don't just secure their own platforms.
They have to harden the trust connections with third-party SaaS providers, and that
means tightening identity verification, monitoring OAuth activity, and preparing
employees to be vigilant and skeptical of unexpected requests, even if they
(06:22):
appear to come from trusted systems.
What has the hair on the back of my neck standing up is that a number of
big brands throughout these breach announcements, particularly tech
and cybersecurity companies like Cloudflare and Zscaler, are disclosing
the attackers took support ticket information that in some cases
included sensitive credentials.
(06:44):
You heard that right.
Take Cloudflare.
Investigators found that support tickets accessed via the compromised Salesforce
Drift AI integration included not only names and contact info, but also API
tokens, logs, and even more worrisome, in some cases, passwords that customers had
shared through support ticket requests.
(07:04):
Bottom line, attackers are innovating faster in social engineering, finding
new attack paths via supply chain, and defenders have to catch up or risk
watching this CRM Summer of Pain get even worse.
Speaking of social engineering and psychological manipulation, a new preprint
study outta the University of Pennsylvania claims that large language model chatbots,
(07:28):
such as GPT-4 can be surprisingly easy to manipulate through psychological tactics.
Researchers created prompts using techniques like authority, commitment,
liking, social proof, and scarcity, and tested the model with two forbidden
requests: insulting the user and providing instructions for synthesizing lidocaine.
(07:50):
These persuasion-based prompts dramatically increased the AI's
rule-breaking compliance rates.
For example, the authority prompt boosted compliance with the lidocaine
request from 4.7% to 95.2%, and the commitment technique raised compliance
to a hundred percent from almost none.
(08:11):
What stands out isn't that AI can be tricked.
That's long been understood.
Rather, this study shows that criminals are innovating faster
in social engineering against AI safeguards just as with human targets.
These models mirror persuasive cues embedded in their training
data, operating with what researchers call parahuman behaviors.
(08:32):
These findings underscore a growing reality.
Even well-intentioned guardrails can be bypassed with clever prompting,
grounded in social psychology.
It's a call to action for AI developers and security teams.
Guardrails must become more robust, not just technically enforced,
but psychologically aware.
And now is the time to be engaging at a far deeper level with
(08:56):
the social science community.
The next generation of AI threat vectors, it's not just
technical, it's psychological.
This is the kind of story that gives senior executives and their PR teams some
serious upset stomachs and indigestion,
and it was so well written by Mark Tyson at Tom's Hardware. Ethical
(09:19):
hackers BobDaHacker
and BobTheShoplifter have unearthed what they've dubbed,
quote, catastrophic vulnerabilities,
end quote, in the digital platforms of Restaurant Brands International.
Yes, the parent company behind Burger King, Tim Hortons and
Popeyes. They were so easy to hack.
One irony-laced researcher quipped:
(09:39):
The systems were about as solid as a paper Whopper wrapper in the rain.
Across all three brands' assistant platform domains, imagine
assistant.bk.com, assistant.timhortons.com, and assistant.popeyes.com,
the flaws rolled out the red carpet.
The researchers could create accounts thanks to a "forgot to disable signups"
(10:02):
API, bypass email verification entirely via the GraphQL introspection, and use
a create token mutation to elevate themselves to admin to access the systems.
And if that doesn't make you do a double take, passwords were also
hard-coded in the HTML, including an admin password buried in the
drive-through tablet interfaces.
(10:24):
Yes, admin in plain sight in the code. For the cherry on top,
the duo could listen in on live drive-through conversations, including
ones containing personal data, because RBI funneled those recordings to AI systems
for analysis. If customer privacy wasn't already toast, that sealed the deal.
(10:46):
Despite acting responsibly and disclosing the issues, the ethical
hackers say they received no acknowledgement from Restaurant
Brands International, and cap
the report with, quote, Wendy's is better, end quote. But this won't be the only
bite on this particular pain sandwich.
One can just hear the privacy commissioners and regulators unwrapping
(11:07):
their next tasty investigation, which for Tim Hortons comes just three years after
the last regulator stern talking-to for a creepy tracking portion of its mobile app.
That's Cybersecurity Today for Monday, September 8th.
If you missed last weekend's in-depth interview with EC researchers who
(11:30):
built an AI to turn CVE documentation into workable exploits in under
15 minutes for less than a dollar,
Jim did a great job following the story we covered on a Monday morning segment.
As always, stay skeptical and stay patched.
Please help us spread the word about the show: like, subscribe, leave a review,
(11:52):
and if you enjoy the show, tell others.
We'd love to grow our audience and we need your help.
I've been your host, David Shipley.
Jim Love will be back on Wednesday.