hanoi-cli analyzes pod distribution across nodes, detects CPU/memory hotspots, generates safe redistribution plans, and simulates node failures — all without touching the cluster
➜ https://t.co/nzR1JKjido
‼️🚨 BREAKING: Cloudflare's CISO just published what Anthropic's unreleased Mythos did against more than 50 of their own production repos. According to him, Mythos is too powerful and must "include additional safeguards" before releasing to the public.
Turns out the model can chain multiple low-severity bugs into a single severe exploit with a working PoC, where previous frontier models would stop at "interesting bug, unclear if exploitable."
At triage time, that means fewer hedged findings and less time spent asking "is this even real?" A finding that arrives with a PoC is a finding you can act on.
Cloudflare is also explicit about the safety side. The Mythos Preview build provided for Project Glasswing did not include the safeguards present in generally available models like Opus 4.7 or GPT-5.5. The model's organic refusals are real, but Cloudflare states they are not consistent enough to serve as a complete safety boundary on their own, and that any cyber frontier model made generally available in the future must ship with additional safeguards on top of that baseline.
Interesting detail: Cloudflare was not on the original Project Glasswing launch partner list with Apple, AWS, Google, Microsoft, CrowdStrike, and others. Instead they got invited later on.
Microsoft is investigating a new, emerging Mini Shai-Hulud npm supply chain attack targeting antv packages.
Attackers compromised an antv maintainer account and published malicious versions of multiple widely used packages (for example, antv/g2). As these packages are widely used as dependencies, the compromise propagated into downstream libraries like echarts-for-react, impacting a much broader set of applications and continuous integration (CI) environments.
All compromised packages contain a byte-identical, obfuscated credential-stealing payload delivered via a preinstall hook (Bun). The malware targets high-value secrets including:
- GitHub personal access tokens (PATs) and OpenID Connect (OIDC) tokens
- npm / Amazon Web Services (AWS) credentials and Security Token Service (STS) sessions
- Secure Shell (SSH) keys, kubeconfigs, and .env / .npmrc files
- Software-as-a-service (SaaS) tokens (Slack, Stripe, Vault)
Exfiltration occurs over HTTPS with Transport Layer Security (TLS) validation disabled. The payload also abuses stolen OIDC tokens to forge Supply-chain Levels for Software Artifacts (SLSA) provenance and propagate malicious releases, exhibiting worm-like behavior across repositories.
Malicious files distributed through npm packages are detected by Microsoft Defender as Trojan:AIGen/NPMStealer, "Suspicious Node.js process behavior", or "Credential access attempt", preventing credential theft and malicious post-install execution.
Mitigation:
- Audit dependencies for affected antv and related packages; pin or downgrade to known-good versions (pre-2025-05-18).
- Revoke and rotate exposed credentials (GitHub, npm, cloud tokens, SSH keys).
- Validate integrity of CI pipelines and recent build artifacts.
- Network IOC: Stolen credentials are exfiltrated over HTTPS to t.m-kosche[.]com:443. Block at egress and review network logs for outbound connections.
🚨 NGINX bug (CVE-2026-42945) now under active exploitation.
Critical heap overflow in rewrite module. Attackers can crash workers with one request (possible RCE).
Patch now if using NGINX ≤1.30.0. Check rewrite/if/set rules.
Full details: https://t.co/b0fOIW3dze
⚠️ Attackers poisoned Hugging Face & ClawHub (OpenClaw) with 575+ malicious skills from just 13 accounts.
🔸 Fake helpful AI tools that install trojans, miners & stealers (Windows + macOS)
🔸 Use hidden commands & indirect prompt injection
Quick action: Never install random AI skills or models. Always verify the source.
Read: https://t.co/CmdDBXuzTy
Yup, platform activity is surging. There were 1 billion commits in 2025. Now, it's 275 million per week, on pace for 14 billion this year if growth remains linear (spoiler: it won't.)
GitHub Actions has grown from 500M minutes/week in 2023 to 1B minutes/week in 2025, and now 2.1B minutes so far this week.
So we're pushing incredibly hard on more CPUs, scaling services, and strengthening GitHub’s core features.
And as a fine purveyor of hand-crafted shit code for many years, I'm not gonna weigh in on that. 🤣
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
🤯 Ollama now supports Claude Desktop via Claude’s built-in third party inference.
ollama launch claude-desktop
This allows all models from Ollama's Cloud to be used across Claude Cowork and Claude Code from the Claude Desktop app.
‼️🚨 NEW RESEARCH: Fiber-optic cables can be turned into a hidden microphone and used for eavesdropping.
Researchers from Hong Kong's PolyU and CUHK just proved it works in real conditions. The paper was presented at NDSS 2026, one of the top cybersecurity conferences in the world.
When someone talks in a room, the sound waves cause tiny vibrations in everything around them, including the thin glass fiber that runs into your apartment from your internet provider. Those vibrations slightly disturb the laser light traveling through the cable. If an attacker plugs the other end of that cable into a special device called a Distributed Acoustic Sensing system, they can read those tiny disturbances and turn them back into recognizable speech.
The problem for the attacker: a normal fiber lying along your baseboard is not sensitive enough on its own. Sound fades too fast in the air, and the fiber is too thin to pick it up.
So the researchers built a small device they call a "Sensory Receptor." It is basically a 65mm plastic cylinder with about 15 meters of fiber wound around it. The cylinder catches and amplifies sound waves enough for the fiber to register them. Crucially, it is small enough to hide inside the same little plastic junction box your internet installer leaves on the wall to manage extra cable.
What the attack can actually pick up:
🔴 Daily activities (typing, walking, snoring, washing dishes): 83% recognition accuracy
🔴 Where in the room a sound is coming from: accurate to within about one meter
🔴 Spoken words at meters from the receptor
🔴 In a real office test, with the receptor hidden in a fiber box and the attacker 50+ meters away in another room, around 80% of the conversation was recoverable
Why this attack is different from a hidden microphone:
🔴 No electricity, no batteries, no radio signals
🔴 Cannot be found by professional bug sweeps that look for hidden mics or cameras
🔴 Cannot be jammed by ultrasonic jammers (the kind some boardrooms use against phone microphones)
🔴 Looks identical to a normal fiber cable
The researchers tested a commercial ultrasonic jammer right next to their device and it had zero effect. The defenses meant to protect sensitive meetings simply do not see this attack coming.
What you can do:
🔴 If you run a sensitive office or meeting room, ask your IT team about polished fiber connectors and optical isolators. Both make this attack much harder.
🔴 Do not let your internet installer leave excess fiber coiled up inside the room. Have them coil it inside the wall or in a sealed box outside the room.
🔴 Keep fiber cable runs away from desks and walls that resonate with conversation.
🔴 In high-security spaces, soundproof the walls and ceilings where fiber runs.
Siclaw is an open source AI SRE platform for read-only infrastructure diagnostics, root cause analysis, team workflows, Kubernetes access, and MCP-based investigation without changing live systems directly
➜ https://t.co/h3AqpYjKBt
Grafana 13 ships Git Sync as GA!
Save dashboards directly to GitHub, GitLab, or Bitbucket, open a PR from the Save button, and sync changes back automatically.
https://t.co/nh2e3xzeu9
Once @wiz_io disclosed, we validated the finding, deployed a fix to github(.)com, and confirmed there was no exploitation in less than two hours.
Read more about what happened, how we responded, and what we are doing to prevent similar issues in the future. ⬇️
https://t.co/Q2dQOyPBYe
🔐 Proton CEO Andy Yen warns that the global push for age verification is the quiet death of online anonymity, because every passport scan, selfie, and biometric uploaded for "verification" inevitably ends up leaked, hacked, or monetized.
He argues Big Tech and governments cannot be trusted to act as gatekeepers, and the only real protection for ID data is to never collect it in the first place.
‼️ https://t.co/5Bh62HuixW has been breached — threat actors accessed customer data and reservations, and are actively abusing it.
A Reddit user says he reported the breach over two weeks ago after being phished with his own reservation details, but Booking said everything was fine on their end.
"Given how weak their security appears to be, I'm not surprised"
🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation.
A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025.
🔗 Read → https://t.co/y0BJMEd2ly
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
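One way to carry out the lockfile audit that the axios post and the antv mitigation list both call for, as an added example that is not code from either post or from any of the projects named. It assumes an npm lockfile with the v2/v3 `packages` map; the sample lockfile is constructed, and every package name in it other than plain-crypto-js, and every version, is made up.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" map).
// DENY holds only the name given in the post; extend it from advisories.
const DENY = new Set(["plain-crypto-js"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || packageName(path) || "(root)";
    const base = { name, version: meta.version, path };
    // Who pulls the denylisted package in (the root project is the "" entry).
    for (const dep of Object.keys(meta.dependencies || {})) {
      if (DENY.has(dep)) findings.push({ ...base, reason: `depends-on:${dep}` });
    }
    if (path === "") continue;
    if (DENY.has(name)) findings.push({ ...base, reason: "denylisted" });
    // npm sets hasInstallScript when a preinstall/install/postinstall script exists.
    if (meta.hasInstallScript) findings.push({ ...base, reason: "install-script" });
  }
  return findings;
}

// Constructed sample lockfile (hypothetical names and versions, see lead-in).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { "example-http": "^1.0.0" } },
    "node_modules/example-http": { version: "1.2.3", dependencies: { "plain-crypto-js": "^1.0.0" } },
    "node_modules/plain-crypto-js": { version: "1.0.0", hasInstallScript: true },
    "node_modules/example-util": { version: "2.0.0" },
  },
};

function report(findings) {
  for (const f of findings) console.log(`${f.reason}\t${f.name}@${f.version}\t${f.path}`);
  return findings.length;
}

// Usage: node audit-lock.js path/to/package-lock.json (no argument: run the sample).
const lockFile = process.argv[2];
if (lockFile) {
  import("node:fs").then((fs) => report(auditLock(JSON.parse(fs.readFileSync(lockFile, "utf8")))));
} else {
  report(auditLock(SAMPLE_LOCK));
}
```

An `install-script` finding is not malicious by itself; it marks a package that would run code at install time, which `npm ci --ignore-scripts` prevents.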