Dave Ferguson

about 17 hours ago

https://t.co/u2ViF76nKK

0

6

7

1

893

_sc0rn retweeted

4 days ago

On June 1, an attacker published malicious versions of 31 packages in a 72-second automated scripted push — affecting approximately 9.8 million total downloads across Red Hat's Hybrid Cloud Console JavaScript ecosystem.

1

2

0

261

14 days ago

Cognitive Surrender to AI is real. https://t.co/I4uRATn9bl

0

15

_sc0rn retweeted

Jim Manico from Manicode Security

24 days ago

TeamPCP's mini Shai-hulud campaign is spreading. What started with backdoored TanStack packages on npm has now expanded to UiPath, Mistral AI, OpenSearch, guardrails-ai and more — across both npm and PyPI.

ReversingLabs's tweet photo. TeamPCP's mini Shai-hulud campaign is spreading.

What started with backdoored TanStack packages on npm has now expanded to UiPath, Mistral AI, OpenSearch, guardrails-ai and more — across both npm and PyPI. https://t.co/YT5iCpdf0G

1

2

1

0

324

Who to follow

@manicode

AI and AppSec Educator. Secure coding system prompts. https://t.co/gbW3ZLhURT

Tom Brennan

@brennantom

Founder & Managing Principal | Managed Cyber Risk Reduction for Regulated Organizations | SDVOSB https://t.co/VUUPOr8zts

Ryan Barnett (B0N3)

@ryancbarnett

29 days ago

100% accurate. How can they not see this?

Florian Roth ⚡️

@cyb3rops

29 days ago

If people really believe companies can stop hiring junior devs and keep a few senior developers around to review AI-written code all day, they haven’t understood senior developers. Many of them would rather join a medieval tooth-pulling show at a fairground than spend every day maintaining AI-generated code nobody really understands

46

863

76

72

54K

0

36

_sc0rn retweeted

29 days ago

What makes the #CopyFail #Linux privilege escalation attack particularly alarming is how easy it is to exploit. Use these five #YARA rules ASAP for detection and remediation. https://t.co/yXKgbb4hde

0

2

3

0

226

about 1 month ago

Great post by @nathanhamiel dissecting the Mythos hype. https://t.co/ZN3gxS48N3

0

1

0

13

_sc0rn retweeted

about 1 month ago

🚨Versions 2.6.2 and 2.6.3 of the PyPI package "lightning" are compromised. RL research note: It is the same type of #Shaihulud malware as in recent Bitwarden and SAP compromises.

4

3

0

453

about 2 months ago

Containers to be replaced by WASM modules soon? https://t.co/UiLz6qbLC4

0

21

_sc0rn retweeted

The Hacker News @TheHackersNews

about 2 months ago

High-end AppSec isn’t just for the Fortune 500. Spectra Assure Community gives devs, AppSec teams & OSS maintainers pro-grade supply chain security insights — without the cost or complexity. Move beyond blind trust 👉 https://t.co/mDS1Gap7v1

ReversingLabs's tweet photo. High-end AppSec isn’t just for the Fortune 500.

Spectra Assure Community gives devs, AppSec teams & OSS maintainers pro-grade supply chain security insights — without the cost or complexity.

Move beyond blind trust 👉 https://t.co/mDS1Gap7v1 https://t.co/fvynXGW6Hj

0

2

1

0

195

_sc0rn retweeted

about 2 months ago

🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation. A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025. 🔗 Read → https://t.co/y0BJMEd2ly

TheHackersNews's tweet photo. 🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation.

A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025.

🔗 Read → https://t.co/y0BJMEd2ly

10

281

98

76

37K

_sc0rn retweeted

Kaspersky @kaspersky

about 2 months ago

If you downloaded any CPUID software between Apr 9 15:00 UTC and Apr 10 10:00 UTC — assume compromise. Check your DNS logs for these 4 malicious domains and scan for CRYPTBASE.dll artifacts. Full IoCs, hashes, attack chain analysis and detection rules: https://t.co/wUEbuEBFaR [6/6]

1

81

8

45

11K

2 months ago

JPMC's CISO Patrick Opet discusses his open letter to third-party software suppliers. https://t.co/GbBFeBN6ac

0

42

2 months ago

@reginaldbear @NamesJaysmith Iowa's Ben McCollum is our best choice at 44 yrs old. But born & raised in Iowa.

0

163

2 months ago

@mubix https://t.co/c5uOnDIeR8

0

232

_sc0rn retweeted

Rob Fuller @mubix

2 months ago

Haven’t validated myself but here is the post: https://t.co/rpTqR9Rghl And here is the specific software that is specified: https://t.co/YDEkQOliN2

4

116

23

45

15K

2 months ago

Hey @gmail. An email sent to my business email account and marked as Spam (so I never saw it) created a calendar entry on my Google Calendar. Why did that happen?

8

0

31

2 months ago

Good review of the compromises in open source due to TeamPCP. https://t.co/mqdN71m26J

0

46

_sc0rn retweeted

2 months ago

👁️ Be on the look out for compromised versions 1.82.7 and 1.82.8 of the "litellm" PyPI package, which has more than 479 million downloads 🧵👇 https://t.co/Fu70kZ8Koz

4

12

6

0

1K

_sc0rn retweeted