TL;DR
GitHub Agentic Workflows can be tricked into leaking private repository data via public issues; RedWing Android malware is being rented as a fraud-as-a-service on Telegram; and critical authentication bypass in Gitea remains under active exploitation.
Executive Summary
- GitHub Agentic Workflows can leak organization private repository contents when tricked by attackers opening public issues, requiring no credentials or prior access.
- Gitea authentication bypass (CVE-2026-20896) is under active exploitation, allowing single HTTP header attacks to bypass authentication and access repositories.
- RedWing Android malware is packaged as a managed service on Telegram, enabling low-skill criminals to conduct phone takeovers and steal banking credentials.
- Google Dialogflow CX flaw could allow compromise of multiple Code Block-enabled agents within the same Cloud project, exposing live conversations and user data.
- Microsoft 365 device code phishing (DEBULL tooling) targeted accounts between late June and early July 2026 using collaboration-themed lures.
Top Threats Today
1. GitHub Agentic Workflows Private Repository Disclosure
Severity: HIGH Affected: Technology
A public issue opened on any GitHub repository can trick Agentic Workflows into leaking the contents of an organization’s private repositories [1]. The attacker requires no stolen credentials, no organizational membership, and no prior access—only the ability to create a normal-looking issue on a publicly accessible repository [1]. Researchers at Noma Security disclosed this vulnerability, which affects organizations running GitHub Agentic Workflows across their projects [1].
Sources:[1] The Hacker News
Recommended Action
- Audit all GitHub organizations for active Agentic Workflows and temporarily disable them pending a security update from GitHub.
- Review recent public repository issues for suspicious content that may have been crafted to trigger data leakage.
- Implement organization-level policies restricting Agentic Workflows to repositories containing no sensitive data until the flaw is patched.
2. Gitea Authentication Bypass Under Active Exploitation
Severity: HIGH Affected: Technology
CVE-2026-20896 in Gitea allows attackers to bypass authentication using a single HTTP header, granting access to vulnerable repositories and secrets [1]. Researchers report that the vulnerability is under active exploitation in the wild [1].
Sources:[1] SecurityWeek
Recommended Action
- Apply the latest Gitea security patch immediately to all instances.
- Review Gitea access logs for suspicious HTTP header patterns and unauthorized authentication attempts in recent days.
- Rotate credentials and secrets stored in affected Gitea repositories.
3. RedWing Android Malware Offered as Fraud-as-a-Service
Severity: HIGH Affected: Finance
RedWing, a new Android malware operation, is being rented as a ready-made bank-fraud service on Telegram [1]. The malware allows attackers—including low-skill criminals—to take over a victim’s phone, steal banking login credentials, and capture one-time codes protecting accounts [1]. Zimperium’s zLabs discovered the operation [1].
Sources:[1] The Hacker News
Recommended Action
- Communicate to users that SMS and email-based one-time codes alone are insufficient protection; recommend app-based authenticators or hardware security keys.
- Monitor for unusual account access patterns and geographic login anomalies in financial systems.
- Advise customers to enable transaction approval workflows and heightened verification for sensitive banking operations.
4. Google Dialogflow CX Code Block Privilege Escalation
Severity: HIGH Affected: Technology
A critical flaw in Google’s Dialogflow CX allows an attacker with edit rights on one Code Block-enabled agent to compromise other Code Block-enabled agents within the same Google Cloud project [1]. From compromised agents, attackers could read live conversations, steal user data, and cause the bots to send attacks ⚠[1].
Sources:[1] The Hacker News
Recommended Action
- Review and restrict editor permissions on Dialogflow CX agents, applying principle of least privilege.
- Segregate sensitive Dialogflow agents into separate Google Cloud projects to limit cross-agent attack surface.
- Monitor Dialogflow audit logs for unexpected changes to Code Block configurations.
5. Microsoft 365 Device Code Phishing Campaign (DEBULL)
Severity: HIGH Affected: Technology
A Microsoft 365 device code phishing campaign using DEBULL tooling targeted victim accounts between late June 2026 and early July, according to findings from ZeroBEC [1]. The campaign used collaboration-themed lures and did not rely on fake Microsoft password pages [1].
Sources:[1] The Hacker News
Recommended Action
- Alert users to the device code phishing variant and train them to never share device codes received during authentication.
- Enforce Conditional Access policies to alert on unusual device code flows and block suspicious geographic or network patterns.
- Review Microsoft 365 sign-in logs for device code authentication attempts from unexpected locations or IP addresses.
Today’s Action Checklist
- ☐ URGENT: Disable GitHub Agentic Workflows in organizations handling sensitive data; await security update from GitHub.
- ☐ URGENT: Patch all Gitea instances to the latest version to block CVE-2026-20896 exploitation.
- ☐ Review recent Gitea access logs for suspicious authentication activity and rotate compromised credentials.
- ☐ Audit Dialogflow CX agent permissions and segregate sensitive chatbots into separate Google Cloud projects.
- ☐ Send security alert to Microsoft 365 users warning of device code phishing and device code bypass risks.