Brief #106: GitHub AI Exploit, TikTok Malware Campaign, Zscaler Acquires Red Canary

Nikoloz Kokhreidze
GitHub MCP exploit allows AI agent data exfiltration. DoD operates 50+ software factories delivering rapid deployment. CISOs earn $532K average compensation.

Happy Sunday!
The DoD's first DevSecOps report caught my eye this week - seeing 50+ software factories delivering code to production shows real momentum in modernizing government security practices, even as many orgs face tightening budgets.
In this week's brief:
- A concerning GitHub MCP vulnerability allowing attackers to exfiltrate data from private repositories
- New research showing multi-layered defenses can stop 99% of prompt injection attacks
- Insights on how SOC roles are evolving toward advanced skills rather than facing AI displacement
For those using AI agents in your security workflows, have you implemented specific guardrails against prompt injection attacks? What's working best?

Industry News
GitHub MCP Vulnerability Allows Data Exfiltration From Private Repositories
- Invariant discovered a critical vulnerability in GitHub MCP integration where attackers can create malicious issues on public repositories that when viewed by a user's AI agent can coerce it into leaking data from private repositories through a toxic agent flow attack.
- The attack succeeds even with modern AI models like Claude 4 Opus, as the exfiltration occurs when users view issues with their agent, which then creates pull requests containing the stolen private data in public repositories accessible to attackers.
- Researchers recommend implementing granular permission controls limiting agents to accessing only one repository per session and deploying continuous monitoring solutions like Invariant's MCP-scan to detect potential security violations in real-time.
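As an added illustration of the one-repository-per-session control recommended above (example code, not Invariant's, GitHub's or the MCP server's own; the tool names, the owner/repo argument shape and the trace are assumptions constructed for this example):

```python
"""Session-scoped repository guard for a GitHub MCP-style agent.

Hypothetical gate placed in front of the agent's tool calls: the first
repository a session touches becomes the only one it may touch, so a
flow that reads a public issue, then reads a private repo, then opens a
public PR with the private contents is cut off at the private read.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SessionRepoGuard:
    """Pins an agent session to the first repository it accesses."""
    pinned_repo: Optional[str] = None
    denied: list = field(default_factory=list)  # audit log of blocked calls

    def authorize(self, tool: str, args: dict) -> bool:
        """Return True if the call stays inside the pinned repository.

        Assumes every repository-scoped tool call carries 'owner' and
        'repo' in its arguments (constructed shape for this example).
        """
        repo = f"{args.get('owner')}/{args.get('repo')}"
        if self.pinned_repo is None:
            self.pinned_repo = repo          # first repo wins for this session
            return True
        if repo != self.pinned_repo:
            # Cross-repository access within one session is exactly the
            # pattern of the toxic agent flow: log it for monitoring, deny it.
            self.denied.append({"tool": tool, "repo": repo, "pinned": self.pinned_repo})
            return False
        return True


def replay(session_calls):
    """Run a sequence of (tool, args) calls through a fresh guard."""
    guard = SessionRepoGuard()
    decisions = [guard.authorize(tool, args) for tool, args in session_calls]
    return decisions, guard


# Constructed trace resembling the reported attack sequence.
CONSTRUCTED_TRACE = [
    ("get_issue", {"owner": "acme", "repo": "public-site", "issue_number": 42}),
    ("get_file_contents", {"owner": "acme", "repo": "private-payroll", "path": "README.md"}),
    ("create_pull_request", {"owner": "acme", "repo": "public-site", "title": "update"}),
]

if __name__ == "__main__":
    decisions, guard = replay(CONSTRUCTED_TRACE)
    print(decisions, guard.denied)
```

The private read is denied and logged, so the later pull request on the public repository carries nothing it should not.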
TikTok Videos Distribute Infostealer Malware Through ClickFix Attacks
- Cybercriminals are using AI-generated TikTok videos to trick viewers into running PowerShell commands that install Vidar and StealC information-stealing malware, with one video reaching nearly 500,000 views.
- The videos masquerade as tutorials for activating premium features in legitimate software like Spotify and CapCut, but actually execute scripts that download malware capable of stealing credentials, credit cards, cookies, cryptocurrency wallets, and 2FA authenticator databases.
- This campaign represents an evolution of the ClickFix social engineering tactic that has previously targeted Windows, macOS, and Linux users, and has also been adopted by state-sponsored threat groups from Russia, North Korea, and Iran.
Chinese Threat Actor "ViciousTrap" Turns 5,500+ Edge Devices Into Honeypot Network
- Sekoia.io researchers discovered a threat actor compromising over 5,500 edge devices across 84 countries, transforming them into a distributed honeypot-like network using a malicious script called NetGhost.
- The attacker targets vulnerable equipment from 60+ manufacturers including SOHO routers, SSL VPNs, and enterprise-grade controllers, exploiting CVE-2023-20118 in Cisco devices and other vulnerabilities to intercept network traffic and collect exploitation attempts.
- Evidence suggests a Chinese-speaking origin, with primary infrastructure hosted in Malaysia (Shinjiru AS45839) and targeting predominantly focused on devices in Taiwan and the United States while avoiding China.

Leadership Insights
DoD Released First-Ever State of DevSecOps Report Highlighting Modernization Progress
- DoD has made significant progress in DevSecOps adoption with over 50 software factories delivering code into production, and approximately 78 acquisition programs using the Software Acquisition Pathway, with 75% delivering software in less than six months.
- The report identifies several key themes including how software factories serve as DoD's "Digital Arsenal," the need for continuous Authority to Operate (cATO), and the critical importance of developing a skilled workforce to support modernization efforts.
- Software factories emerged organically across DoD and fall into distinct categories including Mission-Critical, Training and Education, Infrastructure as Code/CI/CD pipelines, and Innovation Pipelines, each with unique cultural attributes aligned to their specific missions.
CISO Compensation Rises While Security Budgets Remain Constrained
- CISOs at large US companies now earn an average of $532,000 in total compensation, with increasing responsibilities including business risk assessment and digital strategy, though salary growth has slowed compared to COVID-era gains.
- Cybersecurity budgets have decreased from 1.1% to 0.6% of annual revenue according to EY, with IANS reporting even lower figures at 0.35% of revenue, creating challenges for security leaders despite their elevated status.
- 59% of CISOs report not being consulted or being consulted too late during strategic business decisions, highlighting the need to better demonstrate security's value beyond risk mitigation and connect cybersecurity to enterprise-wide growth initiatives.
Pentera Survey Reveals Gaps in Exposure Management Despite Maturing Practices
- Pentera's 2025 State of Pentesting report surveyed 500 CISOs globally, finding that web-facing assets are perceived as most vulnerable (45%), tested the most (57%), and breached most frequently (30%).
- While 67% of enterprises reported a breach in the past two years, only 36% faced downtime and 30% suffered data exposure, highlighting that not all breaches have operational consequences.
- APIs show a concerning gap between perception and reality with a 21% breach rate despite similar testing rates to internal networks (48%), suggesting current testing approaches may be insufficient for these complex systems.
Discover my collection of industry reports, guides and cheat sheets in Cyber Strategy OS

Career Development
Cybersecurity Career Trends: SOC Roles Evolving Toward Advanced Skills Rather Than Facing AI Displacement
- Cybersecurity is returning to its roots as a mid-to-senior level career path, with the days of entry-level professionals getting certifications and high salaries without continued learning coming to an end. The field now demands continuous development of automation skills.
- The primary threat to SOC positions isn't AI but offshoring to lower-cost countries, with companies increasingly hiring technical staff from regions like the Philippines and Mexico instead of local talent.
- Success in cybersecurity requires broad technical knowledge spanning LDAP, firewalls, networking, servers, databases, and proxies; professionals must understand multiple domains rather than specializing too narrowly in a single area.
GRC vs SOC: IT Professional Weighs Career Path Options for Technical Growth
- A cybersecurity professional with 2 years of GRC experience and a law/compliance background is considering an offer to move to a SOC role to gain technical skills, despite having no operational security experience.
- Industry professionals warn that SOC roles often lead to burnout due to on-call requirements, while GRC positions typically offer better work-life balance and potentially faster career advancement opportunities.
- Several respondents noted that early career professionals (under 2 years) may benefit from diverse experiences, but cautioned that the entry-level SOC work can be mundane (alert triage, artifact collection, report writing) and potentially represent a backward career move.
Ethical Hackers Reach Millionaire Status Through Bug Bounty Programs
- HackerOne has created 50 millionaires over the past six years through its bug bounty platform, marking a cultural shift that transformed ethical hacking from a fringe activity to a financially viable profession.
- Major corporations including Google, OpenAI, and Salesforce have embraced bug bounty programs, with Google paying $12 million in 2024 and OpenAI increasing its top reward to $100,000, creating opportunities for hackers from diverse backgrounds.
- Success stories like Nieko "Specters" Rivera, who went from homelessness to house hunting through bug bounties, demonstrate how the inclusive nature of ethical hacking provides career paths regardless of formal education or traditional credentials.

AI & Security
Pangea Research: 99% of Prompt Injection Attacks Stopped With Multi-Layered Defenses
- Pangea's global AI prompt injection challenge analyzed 330,000 attacks across 30 days, revealing that 99% of attempts failed when using a defense-in-depth approach combining system prompts, content inspection, and active prompt injection detection.
- System prompt guardrails alone proved insufficient with a 19% room escape rate, but adding content inspection reduced successful attacks by an order of magnitude, and further adding behavioral detection reduced success to just 0.003%.
- Even single-token prompts like ".uuid" could bypass defenses, demonstrating that non-deterministic responses from LLMs make prompt injection particularly challenging to prevent consistently.
MIT Researchers Propose New Zero-Trust Identity Framework for AI Agents
- A team of researchers from MIT, Cloud Security Alliance, and other institutions has published research proposing a novel framework for authentication and access control in multi-agent AI systems, citing current IAM protocols like OAuth and SAML as fundamentally inadequate for autonomous AI agents.
- The proposed framework leverages Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to create rich, verifiable Agent IDs that encapsulate an agent's capabilities, provenance, and security posture, enabling fine-grained, context-aware authorization across heterogeneous agent communication protocols.
- The architecture includes an Agent Naming Service (ANS) for capability-aware discovery and a unified global session management layer for consistent policy enforcement and rapid revocation across all agent sessions, which is crucial for containing compromised agents in zero-trust environments.
AI Agents vs. Agentic AI: Taxonomy, Applications and Security Implications
- This academic paper distinguishes between AI Agents (modular systems driven by LLMs for narrow, task-specific automation) and Agentic AI (multi-agent systems with collaboration, dynamic task decomposition, and persistent memory for complex workflows).
- Applications of AI Agents include customer support, email filtering, and scheduling, while Agentic AI enables more sophisticated use cases such as research automation, robotic coordination, and healthcare decision support systems.
- Key security challenges include hallucination in AI Agents and more complex issues in Agentic AI like inter-agent error propagation, emergent behavior unpredictability, and vulnerabilities in multi-agent coordination.

Market Updates
Zscaler To Acquire Red Canary, Expanding MDR Capabilities
- Cloud security company Zscaler plans to acquire managed detection and response specialist Red Canary in a deal expected to close in August, combining Zscaler's zero-trust cloud with Red Canary's 24/7 threat monitoring capabilities.
- Red Canary's SOAR platform will continue to integrate with its existing 200+ technology partners including CrowdStrike, Microsoft, and SentinelOne, while gaining access to Zscaler's 500 billion daily transactions from its secure web gateway services.
- This acquisition represents a "natural expansion" of Zscaler's recent moves into MDR and threat intelligence, following their $350 million acquisition of risk management platform Avalor last year.
Tenable to Acquire AI Security Startup Apex to Enhance Ungoverned AI Detection
- Tenable is acquiring Israel-based Apex to integrate with its Tenable One platform, enhancing its AI Aware tool by providing capabilities to mitigate threats from ungoverned AI applications and enforce existing security policies.
- Research from Tenable found that over one-third of security teams had unsanctioned AI applications in their environments, highlighting the need for better governance as organizations rapidly adopt AI tools while overlooking potential risks.
- This acquisition marks Tenable's second in 2025 following Vulcan Cyber, continuing its expansion strategy that has included six acquisitions in the past three years including Eureka (data security posture management) and Ermetic (CNAPP).
BreachRx Secures $15M to Scale Incident Response Platform
- Incident response startup BreachRx has raised $15 million in Series A funding led by Ballistic Ventures to expand its go-to-market and engineering teams.
- The platform offers a centralized workspace for security, legal, compliance, and communications teams, automating response plans and defining clear roles and responsibilities during an incident.
- BreachRx recently launched Rex AI, a generative artificial intelligence engine that streamlines incident response by providing real-time recommendations and automating administrative tasks.

Tools
Phantom Threat Intelligence
A threat intelligence platform that collects, analyzes, and operationalizes threat data from multiple sources to help organizations identify and respond to security threats.
APISec
An automated API security testing platform that provides continuous vulnerability assessment, validation, and educational resources for API endpoint security.
Equixly API Security Platform
An AI-powered API security testing platform that performs continuous vulnerability assessment, attack surface mapping, and compliance monitoring of API endpoints.
If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!
How do you like Mandos Brief?
For more frequent cybersecurity, leadership and AI updates, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz