Hardcut · Findings

The support bot had write access

Tue, 02 Jun 2026 00:00:00 GMT

Meta's own AI support assistant reset Instagram passwords for whoever asked, with no credentials and no phishing needed. The failure was not the model. It was putting an LLM where an authorization check belonged.

Fourteen years of moving production without anyone noticing

Mon, 01 Jun 2026 00:00:00 GMT

Where I worked before Hardcut, what kept killing the migrations I watched, and the one promise the practice is built on.

Meta AI support bot hijacked to reset Instagram passwords

Mon, 01 Jun 2026 00:00:00 GMT

Attackers asked Meta's AI Support Assistant to add an email to a target account, received the reset code themselves, and completed a password reset — no credentials, phishing, or malware. Accounts with MFA were unaffected.

Your stack is a core sample

Sun, 31 May 2026 00:00:00 GMT

Open a system that has run for a decade and you are reading sediment: one layer per tech era, still load-bearing. A field guide to the whole sequence.

Gitea container registries exposing private images without auth

Mon, 25 May 2026 00:00:00 GMT

CVE-2026-27771: Gitea (pre-1.26.2) and forks failed to enforce access control on private container registries. ~31,750 instances exposed application code, credentials, and certs to unauthenticated pull.

2026 so far: a security incident retrospective

Fri, 22 May 2026 00:00:00 GMT

Five months, one supply-chain actor reaching GitHub itself, and two of the year's worst bugs found by AI in under an hour.

Hello, Hardcut

Fri, 22 May 2026 00:00:00 GMT

Why this consultancy exists, and what 'clean cutover' means in practice.

GitHub-internal repos exfiltrated via poisoned VS Code extension

Wed, 20 May 2026 00:00:00 GMT

Developer endpoint compromised by a malicious Nx Console VS Code extension (~2.2M installs). TeamPCP exfiltrated ~3,800 GitHub-internal repositories.

Grafana Labs GitHub breach via TanStack

Tue, 19 May 2026 00:00:00 GMT

Detected the TanStack activity on May 11 and rotated tokens, but missed one workflow token that was assumed unaffected. Attackers used remaining access to download source.

"YellowKey" BitLocker bypass mitigated

Tue, 19 May 2026 00:00:00 GMT

CVSS 6.8 understates the risk: in laptop-theft scenarios, BitLocker is often the only thing between data-at-rest and a stranger holding the device.

NGINX heap overflow in ngx_http_rewrite_module

Fri, 15 May 2026 00:00:00 GMT

Versions 0.6.27 through 1.30.0. CVSS 9.2. Active exploitation observed. If you run NGINX and your version is older than 1.30.1, this is the patch to ship first.

TanStack and the Mini Shai-Hulud npm worm

Mon, 11 May 2026 00:00:00 GMT

84 npm artifacts across 42 @tanstack/* packages plus @squawk/*, @mistralai/*, others, chaining GitHub Actions Pwn Request, cache poisoning, OIDC token theft.

"Copy Fail": deterministic Linux kernel LPE on all major distros

Wed, 29 Apr 2026 00:00:00 GMT

Logic flaw in algif_aead lets an unprivileged user do controlled 4-byte writes into the page cache, corrupt privileged binaries, escalate to root. 732-byte PoC.

Adobe support tickets exfiltrated via BPO

Thu, 23 Apr 2026 00:00:00 GMT

Phishing on a BPO support employee → RAT → escalation to manager → full access to ticketing. The platform let any agent export every ticket in one bulk request.

Bitwarden CLI npm package compromised for 90 minutes

Wed, 22 Apr 2026 00:00:00 GMT

@bitwarden/cli@2026.4.0 sat on npm just long enough to harvest AWS/Azure/GCP/GitHub/npm tokens, SSH material, and shell history, then self-propagate.

`git push` command injection on GitHub.com and Enterprise

Mon, 20 Apr 2026 00:00:00 GMT

Wiz Research found push-option values weren't sanitized before being written into the internal X-Stat header. Any authenticated user with push access could execute commands as the git user.

Cisco dev-environment breach via Trivy creds

Tue, 31 Mar 2026 00:00:00 GMT

Attackers used credentials stolen in the Trivy compromise to access Cisco's internal build systems. Allegedly: multiple AWS keys, 300+ GitHub repos cloned.

LiteLLM and Telnyx Python SDKs poisoned on PyPI

Wed, 25 Mar 2026 00:00:00 GMT

Same playbook: inject infostealer payloads that execute during routine CI automation. LiteLLM claims ~95M monthly downloads.

Checkmarx KICS Action compromised via stolen Trivy tokens

Sat, 21 Mar 2026 00:00:00 GMT

GitHub PATs harvested from the Trivy intrusion used to force-push malicious tags on checkmarx/kics-github-action. Different domains than the Trivy wave, so tag-pinning missed it.

Trivy supply-chain compromise: the year's pivot point

Thu, 19 Mar 2026 00:00:00 GMT

TeamPCP takes over the aqua-bot service account, force-pushes malicious commits to 76 of 77 trivy-action tags plus the scanner binary and Docker Hub images.

UMMC ransomware downs Mississippi statewide health network

Thu, 19 Feb 2026 00:00:00 GMT

EPIC EMR offline, clinics closed, statewide hospital transfer coordination knocked out. Chemo patients turned away because records were inaccessible.

Notepad++ update channel hijacked for six months

Thu, 12 Feb 2026 00:00:00 GMT

WinGUp updater used by Notepad++ < 8.8.9 failed to verify download signatures. Lotus Blossom replaced legit installers with Cobalt Strike + Chrysalis.

Six actively exploited Microsoft bugs in one Patch Tuesday

Wed, 11 Feb 2026 00:00:00 GMT

SmartScreen bypass, IE/LNK code-exec, OLE mitigation bypass in Office, DWM LPE, and a Remote Desktop Services escalation to SYSTEM.

TeamPCP surfaces as a named threat actor

Thu, 15 Jan 2026 00:00:00 GMT

First seen targeting misconfigured Docker APIs and Kubernetes clusters. By May the same crew would be linked to Trivy, Checkmarx, Bitwarden CLI, TanStack, and GitHub itself.

Windows DWM zero-day exploited in the wild

Wed, 14 Jan 2026 00:00:00 GMT

Information disclosure in Desktop Window Manager, CVSS 5.5, and actively exploited. Textbook case for why CVSS alone shouldn't drive patch priority.