
Hackerbot-Claw Grows, Xygeni Tag Poisoning, GitHub Search HA, Windows SID Failures, and AI Skills Supply Chain
From Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News by Teller's Tech - DevOps, SRE and Cloud Podcast
March 27, 2026 · 15 min · Episode 29
About this episode
This episode discusses various security issues and updates related to GitHub Actions, tag poisoning, and Windows Server 2025.
This episode of Ship It Weekly is about the places where convenience quietly turns into trust. Brian revisits the Trivy story by zooming out to the bigger hackerbot-claw GitHub Actions campaign, then gets into the Xygeni tag-poisoning compromise, GitHub’s search high availability rebuild for GitHub Enterprise Server, Windows Server 2025 surfacing duplicate SID problems in cloned images, and the agent-skills ecosystem replaying package supply chain history. Plus: a quick lightning round on GitHub pausing self-hosted runner minimum-version enforcement and March secret scanning updates. Links OpenSSF advisory on active GitHub Actions exploitation https://seclists.org/oss-sec/2026/q1/246 Xygeni action compromise via tag poisoning https://www.stepsecurity.io/blog/xygeni-action-compromised-c2-reverse-shell-backdoor-injected-via-tag-poisoning GitHub Enterprise Server search high availability rebuild https://github.blog/engineering/architecture-optimization/how-we-rebuilt-the-search-architecture-for-high-availability-in-github-enterprise-server/ Microsoft on duplicate SIDs and nongeneralized Windows Server 2025 images…
People in this episode
Host: Brian
Topics covered
- GitHub Actions
- tag poisoning
- high availability
- Windows Server issues
- AI skills supply chain
- supply chain security
Keywords
- GitHub
- Xygeni
- Windows Server 2025
- Trivy
- supply chain security
- AI skills
- tag poisoning
- high availability
Mentioned in this episode
Organizations: GitHub, Xygeni, Microsoft, OpenSSF, Snyk
Products: GitHub Actions, Windows Server 2025, GitHub Enterprise Server, Trivy
More episodes of Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News
- Coinbase Outage, Meta AI Account Recovery, AWS AgentCore Code Injection, Apigee Tenant Isolation, and the Glue That Breaks Production · June 12, 2026 · 23 min
- Kiro CLI Approval Bypass, Amazon Braket Pickle Risk, AWS Org Logging, KEDA Upgrades, and Automation’s Hidden Boundaries · June 5, 2026 · 20 min
- GitHub Supply Chain Attacks, Railway’s GCP Outage, Discord’s Voice Failure, AWS Retry Changes, and Trusted Tool Risk · May 29, 2026 · 24 min
- Ship It Conversations: Jake Warner on Cycle.io, Bare Metal’s Comeback, and Why Private Cloud Is Getting Interesting Again · May 26, 2026 · 36 min
- CISA’s GitHub Leak, AI Root Cause Analysis, Copilot Agents, Claude Code in CI/CD, and Kubernetes Seccomp Risk · May 22, 2026 · 22 min
- AI Agents Get API Access and Identity: GitHub Copilot Cloud Agents, MCP Auth, Ansible Automation, OpenAI Daybreak, and the New Production Risk · May 14, 2026 · 23 min
Explore listener stats, chart rankings, contacts and more on the Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News podcast page.