Wanna gain some visibility into what bad guys might be targeting in your software supply chain? Use the free @ossmalware alerts feature, which will notify you if a malicious software component is targeting something you care about.
DPRK is evolving quickly. In addition to changes you note while they are still using Vercel for c2, they are also using IPs behind https://t.co/7KeazO1uQ0 shorteners, as well as new surge of custom domains. Biggest change: they have pivoted to hiding payloads in pre-commit and post-checkout git hooks.
Heya @airwallex, this is not a good look. Discriminating against people older than 25 is crazy and probably illegal. Do you follow this same practice in your hiring or procurement policies?
@0xLupin @CharlieEriksen @adnanthekhan They are learning and evolving. They saw the success of DPRK use of VS Code tasks files and pivoted to that pretty quickly
@vxunderground If the TA really exfil'd PII via a leaky API, then @Polymarket is at fault here. Guessing they are silently wrapping those endpoints with auth as we speak.
This is crazy! @wiz_io researchers found that you could get remote code execution by sending a malicious payload via a git push command like this:
"git push -o <malicious-payload>"
Boom! That's it!
Like I said, CRAZY!
https://t.co/EVwy2H6ijr
Dear @Lovable,
The recent changes you've made to your AI function UI are a disaster. The older way, where I could just hit Ctrl-J and edit inline, was simple, but it worked. The recent changes make things soooo much more complicated:
1. The sidebar on the right is disjointed from the inline experience. Am I editing the whole doc? Am I editing the highlighted section? I dunno! Fuck me, this is dumb.
2. When you perform AI edits, you don't get the simple "Accept inline" or "Insert below" options you used to get. Now, you get a non-intuitive "Show Changes" or a symbol that could be "return key" or "go back". I dunno which. When the user doesn't know how to accept edits, you know the UX has failed.
You have created an overly complex AI UX, and frankly, it feels like you just decided to ship stuff. You didn't really test these changes; you just yolo'd some complicated shit and ruined what was a simple, effective UI. And this is the problem with vibe-coding: the speed and ability to ship quickly lure people into thinking they NEED to push shit, when maybe, really, they shouldn't.
Maybe spend more time triaging your bug bounty program and overseeing your pull requests, and less yoloing UI changes?!
Been caught up in the @vercel hack? If so, I created an incident response playbook to help you figure out what to do, and how to tell if you need to call somebody: https://t.co/6EbTMYGHpU
@VeloraDEX @Velora You need to unpublish version 9.4.1 of the NPM package, as it's still available for download. If you can't unpublish a specific version, you can unpublish the whole package, then republish with just version 9.4.2
@aakashgupta WTF. This is blatantly wrong.
Axios attack = UNC1069 = DPRK.
Litellm/trivy attack = TeamPCP = not DPRK.
This is where our society is: AI spewing shit and kooks perpetuating it
@adnanthekhan That was genuinely sad to read until I remembered clawdbot is just text prediction on steroids and it was just parroting HAL/Roy Batty quotes