Join our lively hosts, Eden and Amitai, as they explore the most fascinating cloud security news of the month.
On this episode:

🧃🔗 More juice on 3CX supply chain attack
✂️💔 PaperCut vulnerabilities
📦🔓 Capita exposed a bucket with sensitive data for 7 years
🚗☁️ Toyota cloud misconfiguration leaked customer data for 10 years
🚢🔄 Trend of hijacking containers for traffic routing

#4 - Daisy Chain: A Double Supply Chain Attack

The AI bug hunting revolution is here, and it just broke Linux.
On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Tim Becker and Jacob Newman from Xint to unpack CopyFail, a powerful vulnerability found using autonomous AI agents.
1. How Xint's custom LLM harness uncovered CopyFail, a privilege escalation bug affecting almost every Linux machine since 2017.
2. The harsh reality of vulnerability disclosure in the AI era and why 90 days is too long when models can weaponize exploits instantly by patch-diffing.
3. The evolution of AI agents in security, from the DARPA AI Cyber Challenge to Claude 3.5 Sonnet to Mythos.
4. The importance of benchmarking in agentic workflows.

The Linux CopyFail Vulnerability & AI Bug Hunting with Xint

Wiz researcher Sagi Tzadik joins us to break down how a single semicolon led to a critical Remote Code Execution (RCE) vulnerability in GitHub.

For two years, Sagi sat on a lead. Reverse engineering GitHub's microservices manually was too tedious to justify the time. Then, AI agents arrived. By hooking Claude directly into his reverse engineering software, he condensed months of grueling binary analysis into 48 hours. The result? A critical bug in how GitHub handles git push options that exposed both SaaS and Enterprise environments. We get into the weeds on how different microservices interpreting the same input differently creates massive attack surfaces, and why security by obscurity is officially dead in the age of AI.

What's Inside:
- How combining Claude with the IDA MCP server dramatically sped up the reverse engineering process
- The technical anatomy of the GitHub semicolon vulnerability.
- Why microservice communication breakdowns lead to critical RCEs.
- The massive difference in impact between GitHub.com and GitHub Enterprise Server.
- Why Enterprise users need to patch their instances immediately.

Resources:
- Learn more about the findings at: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 

Hacking GitHub with a Semicolon & Claude with Sagi Tzadik

Join our charismatic hosts, @Eden and @Amitai, as they uncover the most captivating cloud security news of the month.

In this action-packed episode:

🕵️‍♂️ Mysterious redirections to adult websites in East Asia
🎣 Crafty hackers using fake Google ads for credential theft
🦪 Don't panic, stay clam: The ClamAV vulnerability
🕹️ Gaming industry under fire: Minecraft and Dota 2 incidents 
🇺🇸 US Department of Defense data exposure drama 
🔗 And the GoDaddy supply chain attack that everyone's talking about!

#2 - Hijacked Websites In China Redirect Traffic

Resources

More episodes

#4 - Daisy Chain: A Double Supply Chain Attack

The Linux CopyFail Vulnerability & AI Bug Hunting with Xint

Hacking GitHub with a Semicolon & Claude with Sagi Tzadik

Crying Out Cloud Newsletter