Composer 2.10 is out.
Native malware filtering via @AikidoSecurity, enabled by default on @Packagist. Plus a unified config.policy framework, deprecated source fallback, and wildcards in --with.
#php #phpc #composerphp
Koi Security (aq. PAN) was one of the very few companies protecting developer endpoints, now Aikido is. It's shocking how the industry is not responding faster to this blind spot. Here's a blog post on what this is and why it's important - https://t.co/0LgbQR1WnH
Deleting a Google API key doesn't revoke it immediately.
Our research found successful authentications up to 23 minutes after deletion across Google's infrastructure. During that window, attackers with a leaked key can still access enabled APIs, including Gemini.
Google closed our report as "won't fix."
GitHub was hacked via a malicious VS Code extension that compromised an employee’s laptop.
This is *exactly* why we built 'Aikido Device Protection'
https://t.co/kfS8HRkZOV
It protects devices from installing malicious IDE extensions, browser extensions, and packages.
Mini Shai Hulud strikes again... again! We've identified three malicious versions of Microsoft's durabletask on PyPI, 1.4.1, 1.4.2, and 1.4.3, that contain a dropper injected directly into the package's Python source files. This does smell of more TeamPCP shenanigans, but we can’t be sure for now.
If you have these versions of durabletask installed, read our blog for remediation steps and more details about how the worm and infostealer work
-> https://t.co/stOYm7wYO9
🚨 Update: Mini Shai-Hulud supply chain attack is back and hit the TanStack npm ecosystem today. At least 84 packages were compromised in two waves starting at 19:20 UTC. @tanstack/react-router, @tanstack/history, @tanstack/router-core, and dozens more across tens of millions of weekly downloads. This is likely from the same TeamPCP campaign behind the SAP npm compromise two weeks ago.
If you ran npm install on any @tanstack package today, treat your environment as compromised. Rotate GitHub tokens, npm tokens, cloud credentials, and CI secrets immediately. Tanner Linsley confirmed affected versions have been unpublished.
@kirodotdev is rewriting how software gets built. We're making sure it's secure.
Aikido is the first security partner globally that @awscloud is going to market with for Kiro. 🚀
AI agents now generate most of your code. Catching security issues in review doesn't scale. So we put Aikido where the agents are. Every change gets scanned automatically.
⚠️A fake tanstack package published four malicious versions between 17:08 and 17:35 UTC today.
The postinstall hook reads your .env files and ships them to an attacker-controlled endpoint. If you installed it, rotate everything. We're tracking this actively.
Full details: https://t.co/5vq0WrilLL
Introducing Aikido Endpoint Protection.
Developer devices have been under attack. In the last few months alone, Shai Hulud, TeamPCP, Axios, and Vercel were all compromised through developer devices.
Aikido Endpoint Protection secures everything your devs install before it reaches the device. Powered by Aikido Intel.
Build fearlessly.
Introducing Snake Oil™
Military-grade. Cloud-native. Purpose-Built.
Critics are calling it “the next-gen scent of quarter.”
I'm calling it "my breakout role as 'breathy female voice over' and 'woman who dry retches at the end'"
More malicious packages were just released by both of the compromised scopes we've already seen, as of a few minutes ago. We've updated our blog post with a more in-depth analysis of the worm and attack:
https://t.co/50WR6nhPdV
Introducing Betterleaks, a new open source secrets scanner built by the original creator of Gitleaks, Zach Rice.
Betterleaks is designed to scan faster, detect secrets more accurately, and make validation and rule creation more flexible. Oh, and your AI agent can use it too. It's an easy drop-in replacement.
Simply put, a better secrets scanner.
Read the full announcement -> https://t.co/q347Ogy3Uy
🚨 @zapier Has been compromised on NPM
Multiple packages on NPM belonging to Zapier have been infected by the same threat actors behind the Shai Hulud attack last month.
Packages compromised so far:
- zapier-platform-core
- zapier-platform-cli
- zapier-platform-schema
- @Zapier/secret-scrubber