Olivia
Online
Adolfo 💾
@adolfo
🚀 Product Engineer @ MAXIOS Systems
Joined February 2007
1.3K Following
472 Followers
6.3K Posts
🚨 Breaking: 31 npm packages from @RedHat have been compromised.
100,000+ weekly downloads affected. The upstream CI/CD pipeline was compromised, with all packages published via GitHub Actions OIDC.
The payload:
⚠️ Reads GitHub Actions runner process memory to extract masked secrets
⚠️ Sweeps credentials across AWS, GCP, Azure, K8s, Vault, and npm
⚠️ Self-propagating worm that republishes backdoored packages using stolen npm tokens, bypassing 2FA
⚠️ Persists on dev machines via Claude Code settings hijack and VS Code task injection
⚠️ Exfiltrates data through GitHub API commits, blending in with normal git operations
We have responsibly disclosed the incident to the maintainers.
Full technical analysis: https://t.co/63nZYH1cMO
Hetzner is down?
hollydollyshittyfuck, those shockwaves are insane.
Liftoff of Starship V3, from the dunes right outside the pad.
This is the most insane shockwave action I have ever seen on video. Absolutely mad.
📽️ Me for @WeAreSpaceScout
‼️🚨 BREAKING: Another supply chain attack. 700+ GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages.
8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies.
The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected.
IOCs:
GitHub account parikhpreyash4
repo systemd-network-helper-aa5c751f
drop path /tmp/.sshd
command fragments curl -skL and chmod +x /tmp/.sshd.
Who to follow
X2
UPDATE: So far we've identified 639 compromised npm package versions across 323 unique packages in tonight’s Mini Shai-Hulud wave.
That includes 558 versions across 279 unique @antv packages. Most were detected within ~6 minutes of publication.
https://t.co/JXJK1NT4dp
@okorojames_ @modat_magnify They definitely audit. It's just that new tools are catching deep, legacy flaws like React2shell that stayed hidden for years. Frequent patches are a sign of way deeper scrutiny, not worse code. We’re basically just seeing a long-overdue deep clean of the ecosystem
‼️🚨 UPDATE: The TanStack npm attack is now a full campaign.
'Mini' Shai-Hulud has hit:
- OpenSearch
- Mistral AI
- Guardrails AI
-UiPath
- Squawk packages across npm and PyPI
The malware specifically targets AI developer tooling. It hooks into Claude Code (.claude/settings.json) and VS Code (.vscode/tasks.json) to re-execute on every tool event, long after the infected package is gone. npm uninstall does not fix this.
the future is here
https://t.co/P8tjPxclqZ
Si pones a los 100 mil millones de humanos que han existido a adivinar claves privadas de Bitcoin (a un ritmo de un billón de claves por segundo cada uno) desde que nacen hasta que mueren, la probabilidad de que uno acierte es CERO.
¿Quieres probar suerte?
SatoshiGuesser es una tragamonedas real que genera CLAVES PRIVADAS de Bitcoin en tu navegador.
Si aciertas (1 en 5.27 × 10^72), te llevas la wallet de Satoshi con +1.1 MILLONES de BTC!!!
Criptografía 100% real.
Sin servidores.
Sin trucos.
REPOOO👇
Applies to every country in Latam too 🤣
It's been about a year ago since I launched a site called 🇵🇹 Only In Portugal to journal the crazy issues we've experienced as foreigners moving to Portugal with both governments agencies and businesses here, most of them quite Kafka-esque in nature
Of course everyone's reaction is "why don't you leave?"
But it is one of the most beautiful countries in the world, which has incredible potential
And it's nicer to fix things, and while complaining about things doesn't make you popular (I've received many death threats), it is oddly effective if you do it in the public sphere:
Collectively complaining about things, as we've seen with Google (they stopped self-sabotaging and are now the leader in AI), the European Union (they are passing laws based on @euacc points), and even Apple (Tim Cook finally quit), does fix things, eventually!
So I'm trying the same with Portugal
I feel AI governance has a lot of potential, AI can be quite a neutral party that can look at issues and find solutions in a very pragmatic and non-partisan way
So I've asked AI to analyze over 300 issues, stories and experiences submitted to my site in the last 12 months, and write an deep analysis report how to fix Portugal in the next 5 years: every argument it makes is based on real experiences from real people , so no AI hallucinations
AI believes all issues here are based on 5 core problems:
- The Portuguese government is too expensive and too slow to interact with
- There aren't enough skilled workers and no incentive to become one
- There is zero accountability anywhere in the system
- Technology adoption is 15–20 years behind
- The tax system punishes productive people and rewards evasion
(P.S. of course many of Portugal's issues are a microcosm of Europe's macro issues)
AI then created a 5-Year Action Plan to solve it:
YEAR 1 — Shock Therapy
1.1 Flatten the Tax System
1.2 Nuke the Immigration Agency, Build a Digital Replacement
1.3 Gut the Public Sector Bureaucracy
1.4 The Accountability Law
YEAR 2 — Infrastructure Blitz
2.1 Lisbon Airport
2.2 Digital Infrastructure
2.3 Healthcare Triage
YEAR 3 — Culture Shift
3.1 Skilled Trades Academy
3.2 Animal Welfare & Noise Enforcement
3.3 Court Reform
YEAR 4 — Economic Acceleration
4.1 Housing
4.2 Transport
4.3 Consumer Protection
YEAR 5 — Consolidation
5.1 Measure Everything
5.2 Cultural Campaigns
5.3 The Exit Metric
Of course the next challenge is how do you get this to politicians, but we did this with @euacc before, so we can surely do it in Portugal too!
You can read the full action plan in the reply below!
Curioso preguntarse hasta dónde llegaron sus conversaciones con ChatGPT
🚨TRAGEDIA EN TEOTIHUACÁN: El perturbador patrón detrás del ataque.
Hoy, 20 de abril, la violencia en la Pirámide de la Luna revela un plan orquestado bajo la estética de Columbine (1999) y una peligrosa filosofía nihilista:
🗓️ LA FECHA: 20 de abril, aniversario 27 de la +
@maxifirtman Suena a qué detectaron muchas cuentas con un mismo Bin bancario y por las malas experiencias que han tenido con los chinos su sistema les suspendió las cuentas. Para evitar destilación, pues.
@melmoreira35584 Súbelo en Zone-h, para que haya un mirror.
El castacán será gentrificado en Mérida.
Mark my words.
Let me know if I can help or run any tests
@heyandras something is consuming high CPU after updating to Coolify 470. I rolled back to 469 and usage dropped back to ~50%. Just a heads up.
we’re in the golden age of supply chain attacks.
Axios. LiteLLM. XZ Utils..
how many backdoors are quietly running right now, just because they’re too effective to raise any alerts?
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers