⚠️ New "IronWorm" supply-chain attack: 30+ npm packages from @ asteroiddao shipped a malicious Rust binary firing on preinstall.
It sweeps 86 env vars + 20 credential files (AWS, GCP, Vault, npm, plus AI keys like Anthropic & OpenAI), hits Exodus wallets, hides behind an eBPF rootkit, and beacons over Tor. Self-propagates via npm Trusted Publishing OIDC, with backdated commits faked as claude/dependabot/renovate.
HOW DO YOU HACK THE PENTAGON AND GET CAUGHT BY A $250 TRANSACTION.
– Kai West was 25, British, and running the dark web's biggest stolen data marketplace under the name IntelBroker.
– His victim list reads like a who's who. Apple. AMD. Cisco. Nokia. General Electric. Europol. The US Pentagon.
– And a database containing the personal information of every member of the US Congress.
– He sold everything in Monero only. Untraceable by design. For 2 years nobody could touch him.
– Then in January 2023 an FBI agent reached out to buy $250 worth of stolen data and talked him into accepting Bitcoin just this once.
– That $250 went into a wallet tied to his real Coinbase account. Registered with his actual UK driver's license. His real name and his real face.
– The FBI spent the next 2 years quietly building the case. Matching his YouTube watch history to posts on his hacker forum. Piecing everything together.
– He even had a fake LinkedIn saying he worked at the UK equivalent of the FBI. They publicly said they had never heard of him.
– In January 2025 he stepped down from running the forum. Said he was "too busy."
– He was arrested in France 3 weeks later.
– $25 million in damage. 40+ companies. 2 years of running the biggest stolen data operation on the dark web.
Brought down by $250 and one moment of trusting the wrong coin.
The most untraceable hacker on the internet forgot that Coinbase needs your ID.
Authorized testing on a production API endpoint. Opus 4.7 confirmed the SQL injection was real but couldn't pull any database names. sqlmap said false positive.
I switched to DeepSeek V4 Pro inside Claude Code and it figured out a trick: make the database answer yes/no questions by crashing on purpose.
The payload wraps CASE WHEN around two XML casts. If the condition is true, it parses broken XML like <root>< and throws HTTP 500. If false, it parses clean XML like <root/> and returns HTTP 200. WAF was watching for SQL keywords, not XML errors.
Extracted 19 database names. DeepSeek V4 Pro succeeded where both Opus and sqlmap failed. Two hours. Twenty cents.
Setup: Mapped Claude Code to DeepSeek V4 Pro by creating ~/bin/claude-deep with ANTHROPIC_BASE_URL=https://t.co/RhiWu8K5Ja and ANTHROPIC_MODEL=deepseek-v4-pro[1m]. No config changes needed, original claude command stays untouched.
No cybersecurity restrictions!!!
Image 1: sqlmap output showing "false positive" / "all tested parameters do not appear to be injectable"
Image 2: Claude Code terminal showing 19 databases extracted in ~2 hours
Image 3: DeepSeek platform dashboard showing $0.20 total cost
Image 4: Why this trick is different from standard blind SQLi types and why sqlmap has no built-in vector for it
🇺🇦⚔️🇷🇺
Ukraine: GTA is now also being used as a simulation platform to train FPV drone operators within the Ukrainian army.