TanStack was hit by a supply chain attack.
MistralAI was hit by a supply chain attack.
The Mayor of Arcadia, California, was a Chinese spy.
Forza Horizon 6 leaked.
Canvas bamboozled.
Shai-Hulud open-sourced.
Nightmare-Eclipse teases two new Windows 0days.
It is Tuesday. What will happen on Wednesday? Find out on the next action packed episode of Dragon Ball Z
Goooood morning Europe!
Our threat research team has been tracking the new mini-shai-hulud wave overnight.
If you're not using cooldowns with tanstack, uipath, mistralai, @opensearch-project/opensearch, + more --- time to dig in 🕳️
https://t.co/qUaICYG2Is
HTML is the new markdown.
I've stopped writing markdown files for almost everything and switched to using Claude Code to generate HTML for me. This is why.
👻Is it just me, or are Agent Skills spooky?
Skills can:
• fetch remote content
• Register subagents
• Create Hooks
• Hide instructions in Unicode
Check out my walk through of 19 capabilities that make malicious skills scary: https://t.co/cNQWpRt7qq
The #DFIRSummit is back this fall! Join us for the latest in digital forensics, incident response, threat hunting, & ransomware.
🗓️ Summit: Oct 15–16
📍 Arlington, VA | All-Access + Workshops
🌐 Live Online | Select talks
💻 Training: Oct 17–22
Register: https://t.co/dNYlJZmJA5
Artemis II crew is thousands of miles away from Earth
And they’re asking ground crew for help because they have two versions of Microsoft Outlook open and neither is working
This scene is now canon 😭
😼New TeamPCP: PyPI package "telnyx" versions 4.87.1 and 4.87.2 contain malware.
These versions were uploaded directly to PyPI (no matching GitHub tags/releases). Downgrade to 4.87.0 or earlier immediately.
Windows payload appears broken in 4.87.1.
Two more threads to pull in the TeamPCP incident:
1. an additional Checkmarx GitHub action was hit
2. Checkmarx's OpenVSX extensions were compromised, and are on hour 10 of serving malware
Check out our updated blog for a detailed break down, including the new C2!
🚨🚨🚨Initial indications that TeamPCP retained Docker absence, and have been able to push new malicious versions of Trivy
- Investigate any usage of 0.69.5, 0.69.6
- at this point, strongly reconsider if you can build confidence in this IR process, or need to rip out Trivy