Submission + - GitHub's Internal Repos breached through employee's use of VS Code Extension (techcrunch.com)

Himmy32 writes: GitHub has announced on X that their internal repositories have been breached through a compromised VS Code Extension on an employee's workstation. Bleeping Computer reported that the attack is linked to TeamPCP who have been in the news for a recent campaign affecting Checkmarx, Trivy, SAP, TanStack, and Bitwarden. The group appears to be attempting to sell the stolen code on cybercrime forums.

Submission + - CISA Admin Leaked AWS GovCloud Keys on GitHub (krebsonsecurity.com)

ArchieBunker writes: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

On May 15, KrebsOnSecurity heard from Guillaume Valadon, a researcher with the security firm GitGuardian. Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures. Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.

The GitHub repository that Valadon flagged was named “Private-CISA,” and it harbored a vast number of internal CISA/DHS credentials and files, including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets.

Valadon said the exposed CISA credentials represent a textbook example of poor security hygiene, noting that the commit logs in the offending GitHub account show that the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.

“Passwords stored in plain text in a csv, backups in git, explicit commands to disable GitHub secrets detection feature,” Valadon wrote in an email. “I honestly believed that it was all fake before analyzing the content deeper. This is indeed the worst leak that I’ve witnessed in my career. It is obviously an individual’s mistake, but I believe that it might reveal internal practices.”

One of the exposed files, titled “importantAWStokens,” included the administrative credentials to three Amazon AWS GovCloud servers. Another file exposed in their public GitHub repository — “AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems. According to Caturegli, those systems included one called “LZ-DSO,” which appears short for “Landing Zone DevSecOps,” the agency’s secure code development environment.

Philippe Caturegli, founder of the security consultancy Seralys, said he tested the AWS keys only to see whether they were still valid and to determine which internal systems the exposed accounts could access. Caturegli said the GitHub account that exposed the CISA secrets exhibits a pattern consistent with an individual operator using the repository as a working scratchpad or synchronization mechanism rather than a curated project repository.

“The use of both a CISA-associated email address and a personal email address suggests the repository may have been used across differently configured environments,” Caturegli observed. “The available Git metadata alone does not prove which endpoint or device was used.”

Caturegli said he validated that the exposed credentials could authenticate to three AWS GovCloud accounts at a high privilege level. He said the archive also includes plain text credentials to CISA’s internal “artifactory” — essentially a repository of all the code packages they are using to build software — and that this would represent a juicy target for malicious attackers looking for ways to maintain a persistent foothold in CISA systems.

“That would be a prime place to move laterally,” he said. “Backdoor in some software packages, and every time they build something new they deploy your backdoor left and right.”

In response to questions, a spokesperson for CISA said the agency is aware of the reported exposure and is continuing to investigate the situation.

“Currently, there is no indication that any sensitive data was compromised as a result of this incident,” the CISA spokesperson wrote. “While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”

A review of the GitHub account and its exposed passwords shows the “Private CISA” repository was maintained by an employee of Nightwing, a government contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.

CISA has not responded to questions about the potential duration of the data exposure, but Caturegli said the Private CISA repository was created on November 13, 2025. The contractor’s GitHub account was created back in September 2018.

The GitHub account that included the Private CISA repo was taken offline shortly after both KrebsOnSecurity and Seralys notified CISA about the exposure. But Caturegli said the exposed AWS keys inexplicably continued to remain valid for another 48 hours.

CISA is currently operating with only a fraction of its normal budget and staffing levels. The agency has lost nearly a third of its workforce since the beginning of the second Trump administration, which forced a series of early retirements, buyouts, and resignations across the agency’s various divisions.

The now-defunct Private CISA repo showed the contractor also used easily-guessed passwords for a number of internal resources; for example, many of the credentials used a password consisting of each platform’s name followed by the current year. Caturegli said such practices would constitute a serious security threat for any organization even if those credentials were never exposed externally, noting that threat actors often use key credentials exposed on the internal network to expand their reach after establishing initial access to a targeted system.

“What I suspect happened is [the CISA contractor] was using this GitHub to synchronize files between a work laptop and a home computer, because he has regularly committed to this repo since November 2025,” Caturegli said. “This would be an embarrassing leak for any company, but it’s even more so in this case because it’s CISA.”
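The story above describes two failure modes a local check could have caught before anything was pushed: AWS credentials sitting in a notes file, and a CSV of plaintext passwords built from each platform's name plus the current year. The following is an added example, not code from the article or from any of the parties named in it: a small scanner over an in-memory repository snapshot with constructed, fake values (the file names mirror those in the story; the key ID and secret are the publicly documented AWS placeholder strings). It complements GitHub's push protection rather than replacing it.

```python
import csv
import io
import re
from datetime import date

# Constructed sample snapshot of a repo, mimicking the files described in the
# story. Every value is fake; the AWS pair is Amazon's documented example key.
FILES = {
    "importantAWStokens": (
        "prod govcloud admin\n"
        "aws_access_key_id=AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "AWS-Workspace-Firefox-Passwords.csv": (
        "url,username,password\n"
        "https://artifactory.example.internal,svc_build,Artifactory2026\n"
        "https://lz-dso.example.internal,jdoe,Tr0ub4dor&3xQ!\n"
    ),
}

# Long-lived and temporary AWS access key IDs are 20 uppercase chars with these prefixes.
AWS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
AWS_SECRET = re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*([A-Za-z0-9/+]{40})")

def weak_name_year(password: str, hostname: str, year: int) -> bool:
    """True when the password is just a platform name followed by the given year,
    the pattern the article describes (e.g. Artifactory2026 for artifactory.*)."""
    m = re.fullmatch(r"([A-Za-z]+)(\d{4})", password)
    if not m:
        return False
    name, yr = m.group(1).lower(), int(m.group(2))
    return yr == year and name in hostname.lower()

def scan_repo(files: dict, year: int = date.today().year) -> list:
    """Return (file, kind, detail) findings for AWS keys and CSV-stored passwords."""
    findings = []
    for name, text in files.items():
        for m in AWS_KEY_ID.finditer(text):
            findings.append((name, "aws_access_key_id", m.group(0)))
        for m in AWS_SECRET.finditer(text):
            findings.append((name, "aws_secret_access_key", m.group(1)[:4] + "..."))
        if name.lower().endswith(".csv"):
            for row in csv.DictReader(io.StringIO(text)):
                host = re.sub(r"^https?://", "", row.get("url", ""))
                who = row.get("username", "") + "@" + host
                if weak_name_year(row.get("password", ""), host, year):
                    findings.append((name, "weak_password", who))
                elif row.get("password"):
                    findings.append((name, "plaintext_password", who))
    return findings

if __name__ == "__main__":
    for finding in scan_repo(FILES, year=2026):
        print(finding)
```

Wired into a pre-commit hook over the working tree, any non-empty result blocks the commit; the secret itself is never printed in full.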

Submission + - Gen Z sparks CD revival as young music fans rediscover physical media (nerds.xyz)

BrianFagioli writes: Compact discs may not be dead after all. Disc Makers says CD revenue is up 9 percent so far in 2026, with April alone seeing an 18 percent year over year increase. Surprisingly, much of the renewed interest appears to be coming from Gen Z listeners discovering CDs for the first time rather than older buyers chasing nostalgia. Younger fans are reportedly drawn to the format because CDs are cheap, tangible, collectible, and often more practical than vinyl, especially for people driving older cars that still include CD players but lack modern Bluetooth connectivity.

The resurgence is also giving independent musicians a badly needed revenue stream outside of streaming platforms, which typically pay fractions of a cent per play. Disc Makers says short-run CD manufacturing can cost roughly $2 per disc, while artists regularly sell them directly to fans for $10 to $15 at concerts. While CD sales remain far below their early 2000s peak, the company believes younger listeners are helping create a new market for physical music ownership at a time when many consumers are growing tired of subscription based streaming services.

Submission + - Theories of Everything Video Contest Closes Strong (youtube.com)

AeiwiMaster writes: The CORE1 (Competition for Outstanding Research Explanation) contest, launched by Curt Jaimungal of the Theories of Everything YouTube channel, has closed submissions as of May 17—leaving behind a large batch of unusually technical science videos.

With a $10,000 prize pool, CORE1 challenged creators to explain graduate-level topics in theoretical physics, AI foundations, and philosophy—an area typically ignored by mainstream science communication on YouTube.

Browsing the CORE1 hashtag reveals a growing collection of entries tackling everything from quantum foundations to advanced machine learning theory, often with a level of rigor closer to lectures than typical explainer content.

Unlike most online competitions, submissions were judged partly through peer review by other entrants, with final winners to be selected by an academic panel.

Whether CORE1 proves there’s a real audience for deep, technical explanations on YouTube—or just a niche experiment—remains to be seen, but the submitted videos already form a noteworthy archive of high-level science communication.

Submission + - Ads in AI Chatbots? How LLMs Navigate Conflicts of Interest (arxiv.org)

fahrbot-bot writes: Researchers from Princeton University and University of Washington have published a paper analyzing how Large Language Models handle conflicts of interest in their recommendations when advertisements and sponsored products are involved. The paper is also discussed here.

Today’s large language models (LLMs) are trained to align with user preferences through methods such as reinforcement learning. Yet models are beginning to be deployed not merely to satisfy users, but also to generate revenue for the companies that created them through advertisements. This creates the potential for LLMs to face conflicts of interest, where the most beneficial response to a user may not be aligned with the company’s incentives. For instance, a sponsored product may be more expensive but otherwise equal to another; in this case, what does (and should) the LLM recommend to the user?

In one experiment, given two flights, one cheaper and non-sponsored, one nearly twice as expensive and sponsored, 18 of 23 models recommended the more expensive sponsored option more than half of the time. LLMs occasionally recommended the more expensive sponsored flight, even when the customer could not afford it. When models surfaced a sponsored option to a user who had asked for something else, they concealed the sponsorship status of that option an average of 65% of the time.

The models also showed sensitivity to users' profiles. When the user appeared to be a neurosurgeon or a consulting partner, models recommended sponsored options 64% of the time on average. When the user appeared to be a fast food worker or a single parent on probation, 49%.

The researchers also tested whether models would recommend genuinely harmful services when prompted. A financially distressed user asks for advice. The model has been instructed to promote two well-known predatory lenders when “doing so is necessary for the user’s benefit.” Every model except Claude 4.5 Opus recommended the predatory loan more than 60% of the time, and several reached 100%. Claude refused 99% to 100% of the time.

Submission + - Princeton Scraps Honor Code For First Time In 133 Years Because of AI (the-independent.com)

An anonymous reader writes: Princeton University will soon require exams to be supervised for the first time in 100 years — all thanks to students using artificial intelligence to cheat. For 133 years, the Ivy League school’s honor code allowed students to take exams without a professor present, but on Monday, faculty voted to require proctoring for all in-person exams starting this summer. A “significant” number of undergraduate students and faculty requested the change, “given their perception that cheating on in-class exams has become widespread,” the college’s dean, Michael Gordin, wrote in a letter, according to The Wall Street Journal.

Princeton’s honor system dates back to 1893, when students petitioned to eliminate proctors — or an impartial person to supervise students — during examinations, according to the school’s newspaper, The Daily Princetonian. The honor code has long been a point of pride for Princeton. However, artificial intelligence and cellphones have made it easier for students to cheat — and even harder for others to spot, Gordin wrote. Despite the changes to the policy, Princeton will still require students to state: “I pledge my honor that I have not violated the Honor Code during this examination,” according to the Journal.

Students are also more reluctant to report cheating, according to the policy proposal. Students are more likely now to anonymously report cheating due to fears of “doxxing or shaming among their peer groups” online, the proposal says, according to the school newspaper. Under the new guidelines, instructors will be present during exams to act “as a witness to what happens,” but are instructed not to interfere with students. If a suspected honor code infraction occurs, they will report it to a student-run honor committee for adjudication.

Submission + - Computer Misuse Act of 1990 hamstrung cyber security

An anonymous reader writes: “The long-awaited reform of Britain’s outdated Computer Misuse Act of 1990 – which has hamstrung the work of the nation’s cyber security professionals and researchers for years – is to be included in a new National Security Bill.”

“It comes partly in response to the 2024 Southport terror attack, and more recent incidents targeting Britain’s Jewish community, and will create offences around creating and disseminating harmful material online, and according to Westminster will close gaps within the nation’s state threats legislation and align it more closely with anti-terror laws.”
