Notes on cutovers, infrastructure, and finishing migrations.
Working notes from the Hardcut practice: methodology, lessons from recent engagements, and arguments about why parallel runs cost more than cutovers.
-
The support bot had write access
Meta's own AI support assistant reset Instagram passwords for whoever asked, with no credentials and no phishing needed. The failure was not the model. It was putting an LLM where an authorization check belonged.
-
Fourteen years of moving production without anyone noticing
Where I worked before Hardcut, what kept killing the migrations I watched, and the one promise the practice is built on.
-
Meta AI support bot hijacked to reset Instagram passwords
Attackers asked Meta's AI Support Assistant to add an email to a target account, received the reset code themselves, and completed a password reset — no credentials, phishing, or malware. Accounts with MFA were unaffected.
-
Your stack is a core sample
Open a system that has run for a decade and you are reading sediment: one layer per tech era, still load-bearing. A field guide to the whole sequence.
-
Gitea container registries exposing private images without auth
CVE-2026-27771: Gitea (pre-1.26.2) and forks failed to enforce access control on private container registries. ~31,750 instances exposed application code, credentials, and certs to unauthenticated pull.
-
2026 so far: a security incident retrospective
Five months, one supply-chain actor reaching GitHub itself, and two of the year's worst bugs found by AI in under an hour.
-
Hello, Hardcut
Why this consultancy exists, and what 'clean cutover' means in practice.
-
GitHub-internal repos exfiltrated via poisoned VS Code extension
Developer endpoint compromised by a malicious Nx Console VS Code extension (~2.2M installs). TeamPCP exfiltrated ~3,800 GitHub-internal repositories.
-
Grafana Labs GitHub breach via TanStack
Detected the TanStack activity on May 11 and rotated tokens, but missed one workflow token that was assumed unaffected. Attackers used remaining access to download source.
-
"YellowKey" BitLocker bypass mitigated
CVSS 6.8 understates the risk: in laptop-theft scenarios, BitLocker is often the only thing between data-at-rest and a stranger holding the device.
-
NGINX heap overflow in ngx_http_rewrite_module
Versions 0.6.27 through 1.30.0. CVSS 9.2. Active exploitation observed. If you run NGINX and your version is older than 1.30.1, this is the patch to ship first.
-
TanStack and the Mini Shai-Hulud npm worm
84 npm artifacts across 42 @tanstack/* packages plus @squawk/*, @mistralai/*, others, chaining GitHub Actions Pwn Request, cache poisoning, OIDC token theft.
-
"Copy Fail": deterministic Linux kernel LPE on all major distros
Logic flaw in algif_aead lets an unprivileged user do controlled 4-byte writes into the page cache, corrupt privileged binaries, escalate to root. 732-byte PoC.
-
Adobe support tickets exfiltrated via BPO
Phishing on a BPO support employee → RAT → escalation to manager → full access to ticketing. The platform let any agent export every ticket in one bulk request.
-
Bitwarden CLI npm package compromised for 90 minutes
@bitwarden/cli@2026.4.0 sat on npm just long enough to harvest AWS/Azure/GCP/GitHub/npm tokens, SSH material, and shell history, then self-propagate.
-
`git push` command injection on GitHub.com and Enterprise
Wiz Research found push-option values weren't sanitized before being written into the internal X-Stat header. Any authenticated user with push access could execute commands as the git user.
-
Cisco dev-environment breach via Trivy creds
Attackers used credentials stolen in the Trivy compromise to access Cisco's internal build systems. Allegedly: multiple AWS keys, 300+ GitHub repos cloned.
-
LiteLLM and Telnyx Python SDKs poisoned on PyPI
Same playbook: inject infostealer payloads that execute during routine CI automation. LiteLLM claims ~95M monthly downloads.
-
Checkmarx KICS Action compromised via stolen Trivy tokens
GitHub PATs harvested from the Trivy intrusion used to force-push malicious tags on checkmarx/kics-github-action. Different domains than the Trivy wave, so tag-pinning missed it.
-
Trivy supply-chain compromise: the year's pivot point
TeamPCP takes over the aqua-bot service account, force-pushes malicious commits to 76 of 77 trivy-action tags plus the scanner binary and Docker Hub images.
-
UMMC ransomware downs Mississippi statewide health network
EPIC EMR offline, clinics closed, statewide hospital transfer coordination knocked out. Chemo patients turned away because records were inaccessible.
-
Notepad++ update channel hijacked for six months
WinGUp updater used by Notepad++ < 8.8.9 failed to verify download signatures. Lotus Blossom replaced legit installers with Cobalt Strike + Chrysalis.
-
Six actively exploited Microsoft bugs in one Patch Tuesday
SmartScreen bypass, IE/LNK code-exec, OLE mitigation bypass in Office, DWM LPE, and a Remote Desktop Services escalation to SYSTEM.
-
TeamPCP surfaces as a named threat actor
First seen targeting misconfigured Docker APIs and Kubernetes clusters. By May the same crew would be linked to Trivy, Checkmarx, Bitwarden CLI, TanStack, and GitHub itself.
-
Windows DWM zero-day exploited in the wild
Information disclosure in Desktop Window Manager, CVSS 5.5, and actively exploited. Textbook case for why CVSS alone shouldn't drive patch priority.