Marcus Hallberg
Security engineer with a passion for cloud security, AI systems, forensics and automation.
Secret skill: Swedish folk dancing (still).
Session
This talk covers how the Lovable security team identified and tracked a global attack attempted to compromise our users' Github projects with malicious code. We analysed millions of Lovable projects across hundreds of thousands of customers and tracked the campaign through its different phases meanwhile we built tools to intercept and prevent the attack.
The attacker used a mix of human and non-human identities, introduced malicious code through direct commits and merge paths, and bypassed expected platform provenance. We observed payloads hidden in frontend configuration files and used obfuscated staged JavaScript to fetch and execute encrypted second-stage code. The attack affected anyone who worked with or built the code and the tactics and IOCs correspond to those used by a nation state actor.
This talk shows how to detect and contain this pattern by correlating Git events, CI/CD metadata, and platform edit telemetry. Attendees leave with knowledge of how to prevent similar attacks from happening, deploy detections, triage logic, and conduct incident response.