❗️ Over 30 official Red Hat npm packages were compromised. How they got in:
- A Red Hat employee's GitHub account was compromised.
- Attackers pushed "orphan commits" (detached from branch history) straight in, bypassing code review with no pull request.
- Payload "Miasma" (Mini Shai-Hulud variant) steals GitHub/cloud/Vault/SSH/npm secrets. Rotate everything since June 1.
- The commits added a workflow (ci.yaml) + script (_index.js) that abused npm trusted publishing, requesting a real OIDC token to publish backdoored versions.
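A defender-side check, added here as an example and not code from the original post or from Red Hat: it scans GitHub Actions workflow text for the two ingredients the post describes, an `id-token: write` permission (what a job needs to request an OIDC token) together with an `npm publish` step, so unexpected publish-capable workflows can be flagged against the repository's known release files. Both sample workflows are constructed.

```python
import re

# Constructed sample workflows (not the real ci.yaml from the incident).
# The first mirrors the described pattern: an id-token permission plus a
# publish step; the second is an ordinary test workflow.
SUSPECT_WORKFLOW = """\
name: ci
on: [push]
permissions:
  id-token: write
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: node _index.js
      - run: npm publish --provenance
"""

BENIGN_WORKFLOW = """\
name: test
on: [pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm test
"""

def audit_workflow(text: str) -> dict:
    """Report which trusted-publishing ingredients a workflow contains.
    can_trusted_publish is True only when the workflow both requests an OIDC
    id-token and runs `npm publish`; compare such files to a release allow-list."""
    id_token_write = re.search(r"^\s*id-token:\s*write\b", text, re.M) is not None
    run_steps = re.findall(r"^\s*-\s*run:\s*(.+)$", text, re.M)
    npm_publish = any(re.search(r"\bnpm\s+publish\b", s) for s in run_steps)
    return {
        "id_token_write": id_token_write,
        "npm_publish": npm_publish,
        "run_steps": run_steps,
        "can_trusted_publish": id_token_write and npm_publish,
    }
```

Run it over every file under `.github/workflows/` and treat any `can_trusted_publish` hit outside the repository's known release workflow as a finding to review.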
This year we have upped our swag game! Not only will there be shirts, but we will also have trucker hats and pullover hoodies for sale! Stop by our merch table on Friday May 29th https://t.co/LNIxIgG0zY
This is just...
I barely even know what to say.
This has to be one of the absolute worst (meaning: most incredibly ridiculous) vulnerabilities in a major vendor product in the last decade.
Cisco's devs literally just forgot to invoke the authentication check.
Huh.
Am I the only one who didn't know that Microsoft makes a tool called EventLogExpert that is supposed to be an improved version of event viewer for IT/helpdesk people?
https://t.co/HzSzG1zSO0
🔥 A U.S. federal agency was hacked via Cisco firewall.
Attackers used ASA flaws to install FIRESTARTER, a backdoor that stays even after patches and normal reboots.
Fix requires full reimage or hard power cycle, not just updating software.
🔗 Read → https://t.co/sbjyK90Fuy
Good Morning it’s TUESDAY April 21
🧵 1 of 3
🧊 🚗 You may want to warm up your car a few minutes early
🥶 ⚠️ DEEP FREEZE THIS MORNING
☀️ Sun will warm us up in a hurry
👇
VERCEL GOT HACKED
ShinyHunters - the group behind the Ticketmaster breach - is selling Vercel's internal database for $2M on BreachForums
here's why every developer should care:
- they have NPM tokens and GitHub tokens
- Vercel owns Next.js - 6 million weekly downloads
- one malicious push = global supply chain attack
- Vercel confirmed the breach today, April 19
- they literally DMed the hackers on Telegram asking them to stop
rotate your env variables RIGHT NOW
🚨 Early bird ticket sales and CFP close on March 15th, in a couple of days!
Get your discounted tickets here: https://t.co/ImMpEM7umV
Submit your CFP here: https://t.co/siLc03Zlp4
🚨 Reminder: Early bird tickets for BSidesHBG 2026 are still available until the 15th of March.
Get your tickets now before the deadline!
https://t.co/ImMpEM7umV
Our daughter — a cancer survivor — is raising money for other kids with cancer. She’s doing it with Hampton High School’s Thon event.
Please help if you can.
https://t.co/UpGEpSgOR2
@mamunxy That's not a Reaper; there's no lower rear stabilizer. Also, there are multiple reports on the Internet that it looks like it's coming from a video game.
@chrismartenson Add some context: at least according to @grok, the ship that was hit was part of the Iranian shadow fleet. So they are either fairly incompetent or they hit their own ship to potentially scare others. If you look at the ship traffic maps in the strait, it's reduced, not closed.
@krassenstein For context, it looks like this ship is part of Iran's own shadow fleet that's under sanctions, as referenced by @grok, which is slightly ironic. The strait still has traffic going through it at this time if you look at the ship traffic monitoring sites.