Worse than reading, the same trick let you *delete* other people's backups, or erase every backup on the server in a single call.
No special access - any logged-in user.
Francisco Rosales (@0xmagic0) of @Manifold_ai_sec found and reported it. Fixed in v2.56.1, upgrade now.
Disclosing a critical n8n-mcp flaw (120,000+ weekly npm downloads, 21.5K+ GitHub stars) that let one user wipe everyone else's saved workflow backups.
Or read them, API keys and tokens included.
...Just by guessing a number.
CVSS 9.6 🧵
n8n-mcp saves a backup before every workflow change.
They all sat in one shared table, tagged with a simple counting number and no owner check.
Type someone else's number, get their workflow back. Secrets and all.
https://t.co/9qJ0zvWd9g
🚨 Supply Chain ALERT: New Phase of “Miasma: The Spreading Blight” 🚨
A new wave of the npm supply chain campaign, Miasma: The Spreading Blight
Targets include @vapi-ai/server-sdk & ai-sdk-ollama. Attackers are using a new autorun install method exploiting node-gyp shell expansion.
We have updated our previous blog:
https://t.co/gFhlSCFzOu
New Google paper says LLMs should stop pretending certainty and instead clearly show when they are unsure.
Hallucination is less about machines being wrong than about machines sounding certain when they should hesitate.
That distinction changes the target-problem.
The paper changes the target from making models perfectly factual to making them honest about their own uncertainty.
For years, the obvious goal has been to make language models know more, so they make fewer factual mistakes.
Perfect factuality may be very hard, but a model that clearly separates “I know this” from “I am guessing” can stay useful without quietly damaging trust.
This paper argues that the harder missing skill is not knowledge, but self-knowledge.
A model can be well calibrated in the broad sense, knowing that answers like this are correct about 60% of the time, yet still fail to identify which particular answer is the dangerous one.
That is the trap: to eliminate errors, the system must refuse many answers that would have been right.
The authors call this the utility tax, and it explains why products keep drifting toward confident usefulness rather than cautious truth.
Here's the key point.
A wrong answer wrapped in honest uncertainty is not the same social object as a wrong answer delivered as fact.
It gives the user a different instruction: verify this, treat it as provisional, do not build too much on it.
The proposed fix is “faithful uncertainty,” where the model’s language mirrors its internal confidence instead of smoothing doubt into authority.
For agents, this becomes even more important, because uncertainty is what should decide when to search, when to trust a source, and when to stop.
Tools expand what a model can access, but metacognition governs whether access is used wisely.
----
Paper Link โ arxiv. org/abs/2605.01428v1
Paper Title: "Hallucinations Undermine Trust; Metacognition is a Way Forward"
MCP registries are the new npm.
And we're about to relive the same mistakes.
🎙️ Full conversation with Oleksandr Yaremchuk of @Manifold_ai_sec:
https://t.co/oyYYTYy5M1
5 supply chain attacks in 72 hours. GitHub's own internal repos (~3,800).
Microsoft's official Azure-associated package. And attackers... already stealing your Claude and Cursor config files via this attack vector.
After 10 years of running WindowsLatest, I think this is finally the end of an era.
Google confirmed that Search is becoming an AI box, which means you'll not be encouraged to click "blue links." Yes, the blue links are still on the page, but they're becoming irrelevant.
For a decade, I watched Google rank Reddit threads, forums, spam, and sites that merely linked to my reporting above the original articles I broke. I complained to Googlers repeatedly. I showed them my original work being outranked by spammers copying it. Nobody at Google cared...
I never sold products with affiliate links. I've never recommended anything for a commission. I have never run a sponsored post. Being the "nice guy" earned me nothing.
Google had already decimated independent publishers long before this announcement. AI Mode is just the funeral
A trojanized Bitwarden npm version appeared for 90 minutes last month.
9 days later it got a CVE - after the package was already pulled.
That's an incident response notification, not what CVEs were originally built for.
Agentic AI makes this gap much worse
https://t.co/bHNIqi4K9y
Microsoft is investigating a new, emerging Mini Shai-Hulud npm supply chain attack targeting antv packages.
Attackers compromised an antv maintainer account and published malicious versions of multiple widely used packages (for example, antv/g2). As these packages are widely used as dependencies, the compromise propagated into downstream libraries like echarts-for-react, impacting a much broader set of applications and continuous integration (CI) environments.
All compromised packages contain a byte-identical, obfuscated credential-stealing payload delivered via a preinstall hook (Bun). The malware targets high-value secrets including:
- GitHub personal access tokens (PATs) and OpenID Connect (OIDC) tokens
- npm / Amazon Web Service (AWS) credentials and Security Token Service (STS) sessions
- Secure Shell (SSH) keys, kubeconfigs, and .env / .npmrc files
- Software-as-a-service (SaaS) tokens (Slack, Stripe, Vault)
Exfiltration occurs over HTTPS with Transport Layer Security (TLS) validation disabled. The payload also abuses stolen OIDC tokens to forge Supply-chain Levels for Software Artifacts (SLSA) provenance and propagate malicious releases, exhibiting worm-like behavior across repositories.
Malicious files distributed through npm packages are detected by Microsoft Defender as Trojan:AIGen/NPMStealer, "Suspicious Node.js process behavior", or "Credential access attempt", preventing credential theft and malicious post-install execution.
Mitigation:
- Audit dependencies for affected antv and related packages; pin or downgrade to known-good versions (pre-2025-05-18).
- Revoke and rotate exposed credentials (GitHub, npm, cloud tokens, SSH keys).
- Validate integrity of CI pipelines and recent build artifacts.
- Network IOC: Stolen credentials are exfiltrated over HTTPS to t.m-kosche[.]com:443. Block at egress and review network logs for outbound connections.
Cloudflare is right about this. You're not going to be able to patch fast enough, but you can build your systems so that the vast majority of vulnerabilities don't matter.
If you've not done that, you're going to have a bad time.
Francisco Rosales (@0xmagic0) of @Manifold_ai_sec found and reported the vulnerability.
Fixed in v3.6.0.
The filtering logic already existed. It just wasn't being called in both places. Update now.
The read-only mode in mcp-server-kubernetes (20,000+ weekly npm downloads) ...doesn't actually restrict anything.
Neither do the other two access control modes.
CVE-2026-46519, CVSS 8.8 🧵
🚨 Cyber Alert ‼️
WormGPT
A threat actor known as Sythe claimed to have leaked the database of WormGPT, a cybercrime-focused AI platform, exposing data linked to more than 19,000 users.
The leaked data allegedly includes email addresses, user IDs, and subscription and billing metadata.
Sector: ICT
Threat class: Cybercrime
Observed: Feb 10, 2026
Status: Pending verification
----
About this post:
Hackmanac provides early warning and cyber situational awareness through its social channels. This alert is based on publicly available information that our analysts retrieved from clear and dark web sources. No confidential or proprietary data was downloaded, copied, or redistributed, and sensitive details were redacted from the attached screenshot(s).
For more details about this incident, our ESIX impact score, and additional context, visit https://t.co/eB7qgxKFAa.
Despite #Zendesk suggesting safeguards and tightening up security last month, the massive spam wave has returned flooding inboxes with hundreds of bogus 'Activate account...' emails that bypass #spam filters
https://t.co/gzTtzV2WRl