Sobe

Holy sht.. Hackers are going to love this. Someone open sourced an all-in-one hacking toolkit that bundles every major pentesting tool into a Single CLI menu. You install it once and get instant access to tools across every category from anonymity, info gathering, wireless attacks, password cracking, web scanning, exploit frameworks, payload GENERATION, and more. It's called HackingTool. → One menu launches Tor, Anonsurf, Macchanger, and proxy chains in seconds → Bundles Nmap, Dracnmap, RED HAWK, and ReconSpider for full network recon → Ships SQLMap, XSStrike, WPScan, and SecretFinder for web exploitation → Includes John the Ripper, Hashbuster, and BruteX for password attacks 51K stars. Runs on any Linux distro. 100% open source.

Starlink V3 satellites have >10X bandwidth of V2 and there’ll be >10X launched, which means >100X more bandwidth. Also, altitude will be 350km vs 550km, so min latency can be cut in half. Light travels 300km/ms in space, so physics round trip min latency drops to <5ms.

⚠️ New "IronWorm" supply-chain attack: 30+ npm packages from @ asteroiddao shipped a malicious Rust binary firing on preinstall. It sweeps 86 env vars + 20 credential files (AWS, GCP, Vault, npm, plus AI keys like Anthropic & OpenAI), hits Exodus wallets, hides behind an eBPF rootkit, and beacons over Tor. Self-propagates via npm Trusted Publishing OIDC, with backdated commits faked as claude/dependabot/renovate.

GOOGLE'S INVESTMENTS SHOULD BE STUDIED. Google owns 7% of SpaceX and 14% of Anthropic, two of the biggest IPOs in history, both listing this year. $900 million invested in SpaceX in 2015 is now worth $126 billion, a 140x return. $13 billion invested in Anthropic is now worth $135 billion, a 10.4x return. Those two stakes are now worth $261 billion combined, an 18.8x blended return before either company has even gone public.

🚨 Claude Code's GitHub Actions Vulnerability Lets Attackers Compromise Any Repository Source: https://t.co/lb0fzVp2ox A critical supply chain vulnerability in Claude Code's GitHub Actions that could allow attackers to compromise any repository using Anthropic's official CI/CD workflow, including Anthropic's own infrastructure. When combined with prompt injection techniques, it could enable a fully unauthenticated external attacker to exfiltrate secrets, steal OIDC tokens, and push malicious code to any downstream repository that depends on the Claude Code GitHub Actions workflow. Claude Code GitHub Actions restricts workflow execution to users with write or admin access. However, the checkWritePermissions function unconditionally trusted any actor ending in [bot] regardless of actual permissions. #cybersecuritynews