Filevine keeps matters, documents, deadlines, and tasks in one place — built for how law firms run.
Certified Filevine partners. We'll get your firm set up right.
See it → https://t.co/dW9yKlQt1c
#Filevine#LegalTech#LawFirm
Microsoft Threat Intelligence has observed a supply chain attack targeting the Leo Platform/RStreams npm ecosystem. On June 24, 2026, at 23:04:55 UTC, a compromised maintainer account ("czirker") to publish malicious versions of 20+ npm packages in a coordinated, fully automated operation completed in under three seconds.
Each malicious package ships a tiny binding.gyp and a large index.js, with no postinstall script. The attacker hides the install hook inside node-gyp's command expansion: the binding.gyp sources array contains <!(node index.js > /dev/null 2>&1 && echo stub.c), so npm install runs index.js at build time.
index.js is a three-layer dropper: a ROT char code cipher, then AES-128-GCM (two encrypted blobs), then an obfuscator[.]io toolkit. The loader writes the toolkit to /tmp/p.js and runs it under the Bun runtime (downloaded as v1.3.13), not Node, to sidestep Node-based instrumentation and EDR module load detection.
On a CI runner or workstation, the toolkit:
- Steals runner memory: locates the GitHub Actions Runner.Worker process and reads /proc/{pid}/mem to lift secrets that CI masks in its logs
- Sweeps credentials: AWS, GCP, Azure, HashiCorp Vault, Kubernetes, plus npm, PyPI, RubyGems, JFrog tokens, GitHub PATs, and 1Password
- Exfiltrates with no C2 domain: commits the stolen secrets to an attacker-controlled GitHub repository using the victim's own GitHub token, a "dead drop" that defeats egress domain blocklists
- Self-propagates: republishes any package the victim can publish to, bypassing npm 2FA (bypass_2fa)
- Escalates and persists: on GitHub hosted runners write runner ALL=(ALL) NOPASSWD:ALL for sudo, and injects workflows requesting id-token: write
This attack affects [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], and [email protected].
Microsoft Defender for Endpoint customers should act on these alerts:
- Trojan:JS/MiniShaiHrd[.]ZA!MTB (index.js)
- Trojan:JS/PhantomWorm[.]DA!MTB (binding.gyp)
- Suspicious Node.js process behavior
- Suspicious installation of Bun runtime
- Suspicious usage of Bun runtime
- Suspicious script execution via Bun
- Credential access attempt
- Kubernetes secrets enumeration indicative of credential access
Microsoft Defender for Cloud detects this activity:
- Suspicious supply-chain compromise activity detected
- Suspicious npm supply-chain compromise activity detected
Customers can also check for these IOCs:
- binding.gyp containing <!(node index.js
- index.js carrying a char code array of length 1,566,023
- stray /tmp/p*.js and a freshly downloaded Bun binary during npm install
- outbound to github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/
- runner ALL=(ALL) NOPASSWD:ALL written to sudoers on a runner
To mitigate: Pin to known-good versions, use lockfiles, rotate any secrets exposed to affected CI runners, and review GitHub Actions for unexpected id-token: write or sudoers changes.
LOIS isn't just an AI assistant — it's agentic.
Knows your matters. Creates tasks. Calculates deadlines. Drafts documents. Works for every role in your firm.
Built into Filevine. Certified partner → https://t.co/dW9yKlQt1c
#LOIS#Filevine#LegalAI#LawFirm
📹 60 seconds on why your email domain might be your biggest security gap.
DMARC stops your domain from being spoofed. Most SMBs don't have it right.
We help South Florida businesses fix that → https://t.co/JBN3Ng64YF
#DMARC#EmailSecurity#CyberSecurity
Coud investments can better support long-term business priorities and operational resilience. Are you seeing this in your organizations decision-making? https://t.co/a5cbaxNgXO
ABC, CBS, and NBC have been largely silent in regards to DNI Tulsi Gabbard’s recent declassification regarding Anthony Fauci’s cover-up of the COVID-19 pandemic.
Payment fraud often starts with a spoofed email.
No DMARC = your clients could receive fake invoices that look like they came from you.
Neuwest closes that gap → https://t.co/JBN3Ng64YF
#EmailFraud#DMARC#CyberSecurity#FinancialServices
Law firms: June 30 deadline.
Sign on with LOIS (Filevine's AI) and get Filevine case management included at no additional cost for 12 months.
We're certified Filevine partners. Don't let this one pass → https://t.co/dW9yKlQt1c
#Filevine#LOIS#LegalAI#LawFirm
Phishing hit record highs in 2025. SMBs are the #1 target.
Most don't find out until it's too late.
Neuwest helps South Florida businesses get protected → https://t.co/JBN3Ng64YF
#Phishing#CyberSecurity#DMARC#SouthFlorida
Your business email could be getting spoofed right now — and you'd never know.
DMARC stops it. Most SMBs don't have it configured.
Neuwest helps South Florida businesses fix that → https://t.co/JBN3Ng64YF
#DMARC#EmailSecurity#CyberSecurity#SouthFlorida
Democrats got ahead of themselves. Their effort to sell a parade of horribles was an ineffective challenge to an Executive Order which set no new rules and changed nothing about how states oversee elections. Trump 1, Dems 0. Stay tuned!
Billionaire democrat donor Reid Hoffman on the DOJ hot seat for paying 7 million 😳 to democratic operative lawyer representing E. Jean Carroll, who testified under oath she had no assistance with her legal fees. Something is rotten in Denmark.
🚨 JUST IN: President Trump takes huge VICTORY LAP after the climate change "experts" at the United Nations announce they were WRONG
"GOOD RIDDANCE! After 15 years of Dumocrats promising that “Climate Change” is going to destroy the Planet, the United Nations TOP Climate Committee just admitted that its own projections (RCP8.5) were WRONG! WRONG! WRONG!"
"For far too long Climate Activism has been used by Dumocrats to scare Americans, push horrible Energy Polices, and fund BILLIONS into their bogus research programs."
"Unlike the Dumocrats, who use Climate Alarmism nonsense to push their GREEN NEW SCAM, my Administration will always be based on TRUTH, SCIENCE, and FACT! President DONALD J. TRUMP"
This was one huge FRAUD.
Never fund the green scams again! 🔥
🚨 HOLY CRAP!! A Palm Beach elections office volunteer just got arrested for STEALING an encrypted access key and computer equipment in the March 24 special election where the Democrat won by 800 votes
This is the district the includes Mar-a-Lago.
Investigators worry that the encryption — used for training — could be reverse engineered and used to tamper with voter registration
The theft was reported on March 27, a few days after last Tuesday's special election, per WPTV. The theft occurred on March 19, just days before election day
"During the search of [John] Panicci's home, detectives recovered the stolen items along with a substantial amount of electronic and digital storage devices. Panicci was transported to the Palm Beach County Jail and booked on charges."
Election integrity is vital to our republic.
If it's happening in Florida — IT'S HAPPENING NATIONWIDE
🚨 BREAKING: In a massive win, President Trump just secured the construction of a $7.4 BILLION critical minerals smelter and processing facility in the great state of TENNESSEE, USA 🇺🇸
It will create 540K TONS per year of materials - in America. The DEPARTMENT OF WAR will hold some stake in the venture.
The list includes: Gallium, Germanium, Indium. Antimony, Copper, Silver, Gold, and Zinc.
This will be CRITICAL for producing things at home without relying on China, including defense systems and semiconductors.
THIS IS HUGE! 🔥