LONGLEASH Malware Adds Reverse Shell, Proxying, and Intermediate C2 Capabilities

A significant upgrade to malware maintained by the UAT-7810 actor: LONGLEASH, a successor to the previously reported SHORTLEASH implant, now sporting reverse-shell, multi-protocol proxying, and intermediate command-and-control (C2) forwarding capabilities. LONGLEASH retains SHORTLEASH’s ff-agent codebase but expands its operational scope.…

GitLost Vulnerability Lets Attackers Trick GitHub AI Agent Into Leaking Private Repos

A critical vulnerability known as “GitLost” has been discovered in GitHub’s newly introduced Agentic Workflows by Noma Labs. This flaw allows unauthenticated attackers to exfiltrate sensitive data from private repositories. It demonstrates how AI-driven automation within development pipelines can be…