Cleaned up my old ETW notes from Obsidian and put them into one post.
No new research here.
Just a practical map of the parts I keep coming back to: providers, sessions, kernel loggers, ETWTI, tampering, and detection.
https://t.co/e068LAH8p7
NEW: MI5 and Five Eyes partner agencies have just issued what they say is an unprecedented joint warning about attempts by Chinese spies to use LinkedIn to recruit Western assets
📰 An advanced 2026 guide to investigating a person of interest, covering tools, tactics and methodology.
Structured enough that you can lift it into a Claude skill and add your own tradecraft on top.
https://t.co/BStPHDwlLR
⚠️ Multiple @redhat-cloud-services npm packages were found carrying malicious payloads that fire via a preinstall hook on every npm install. All packages were published via GitHub Actions OIDC, indicating the CI/CD pipeline was compromised.
The payload targets GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm and CircleCI tokens. It reads /proc/mem to bypass log masking, self-propagates via harvested npm tokens bypassing 2FA, and persists on developer devices via Claude Code and VS Code injection.
🚨 Security researchers are now handing over vulnerabilities to Nightmare Eclipse after he was banned on both GitLab and GitHub.
It should be a fun month, because man has it been boring the last couple of weeks.
💥 Leaked chats and documents showcase the Russian presidential administration’s role in false-flag vandalism attacks and election interference campaigns in Europe and beyond. @OCCRP @DelfiEE @VSquare_Project https://t.co/pQXhFSUWZ9
❗️🚨 BREAKING: Security researchers are now handing Nightmare-Eclipse vulnerabilities for free, in what looks like both a show of support and a reaction to how Microsoft treats researchers. First up: "Bitskrieg," which violates Secure Boot trust and fully bypasses BitLocker.
It seems aimed squarely at Microsoft's recent blog, where the company said its Digital Crimes Unit would bring cases against threat actors "and those that enable their criminal activity," language many researchers read as a threat pointed at them.
Today Instagram had this massive exploit where hackers were just stealing rare handles left and right. Hundreds of accounts gone.
People losing handles they’ve owned since 2010, some worth hundreds of thousands.
I own a few rare ones so I was actually stressed watching this happen in real time, which I haven’t been in years.
Obama White House account got hit.
These aren’t some random new accounts, these are verified, locked down accounts and they still got compromised.
The thing is the exploit is so simple it’s almost funny. Attacker goes to Forgot Password, says their account is hacked, turns on a VPN to match the target’s location (which now you can find on the about section of the page).
Instagram’s AI support flow asks them to verify with a selfie.
They grab a photo from the target’s profile, run it through an AI video generator to make an animation of the person’s face moving around, upload that to Meta’s AI as proof.
And Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face.
Once verified they change the email to theirs. Password reset link goes to their email. They own it now. 2FA gets bypassed somehow in the process but honestly I don’t know exactly how, just that it did.
Point is even locked down accounts went down.
Then you try to recover your account and you’re talking to a chatbot that has zero ability to help.
You can’t escalate to a human. You’re just stuck. Your asset is gone and there’s no one to call.
The whole thing just highlighted how stupid it is to automate account security without any human in the loop.
One AI fooling another AI while there’s literally no person anywhere to catch it.
Meta took hours to even acknowledge it while accounts were getting stolen every minute.
Now thankfully it’s patched but I don’t think it will be the last one. Stay safe!
I’ve always claimed that ETW is very fast. I’ve been writing and teaching about it for years (for example, my talk “The Good, the Bad and the ETW” at x33fcon 2020 https://t.co/mRjLi3Jr2D), but I never actually measured its speed - until today. I needed an exact figure, so I wrote a small C app that logs 1 million events and measures the elapsed time. Here’s the code along with the complete test procedure. Enjoy! 🚀
https://t.co/Ow75wzaIHz
BREAKING: The CIA can reportedly hack into TVs, turn their speakers into microphones to listen to conversations, and use Wi-Fi radio signals to detect movement or roughly map indoor spaces through walls, per former CIA officer John Kiriakou.
@WeirdQuadratic @notdan Not suggesting you do/don’t have a breakthrough, or that it is/isn't a feature of the illness - don’t know. But a suggestion would be to contact academics focusing on your work, engage with them and if they agree it’s a breakthrough then you can take that back to the court.
(Amanda)
I want to ask you a favour today - if you live in the UK would you please sign this?
It's called a 'petition' and even though I don't understand what it is, I know it's important.
Maybe you could tell other humans about it and ask them to sign it too.
I'll tell you more about the special August thing tomorrow.
Here's the petition -
https://t.co/ZaArb285gN
‼️🚨🇨🇳 BREAKING: We identified exposed admin panels for Chinese air defence and drone systems across an entire region.
The panels are reachable from the open internet and protected only by default credentials. Our investigation shows this is not isolated. A large number of these intelligence and military systems are deployed the same way.
🚨 Alleged Sale of GitHub Private Source Code and Internal Repositories 🚨
A threat actor using the alias “TeamPCP” posted an ad on a cybercrime forum offering to sell private source code and internal repositories allegedly belonging to GitHub, the world’s largest web-based hosting service for version control and software development collaboration.
According to the provided listing details, the seller outlines the following specifics regarding the compromise:
Data Volume: The breach reportedly encompasses approximately 4,000 repositories of private code.
Content Scope: The actor claims the data covers the main platform and internal organizations, offering a structured repository list via a LimeWire download link for buyers https://t.co/Y7EhPEfgyX
Demands: The actor states they are not interested in extorting GitHub through a ransom process. Instead, they are looking for a single buyer with a starting floor price of $50,000, promising to delete the data upon a successful sale or leak it for free if no buyer is found.
The exposure of internal repositories for a major source code hosting platform presents a critical supply chain risk, as it potentially contains platform logic, proprietary tooling, or underlying infrastructure configurations.
#GitHub #SourceCode #DataSale #CyberCrime #ThreatIntelligence