Olivia
Online
JFrog Security
@JFrogSecurity
The JFrog Security Research Team empowers developers and companies to excel by identifying, prioritizing, and mitigating software risks.
USA / Israel
Joined November 2017
304 Following
5K Followers
1.5K Posts
@vxunderground Full teardown of the beast - https://t.co/5WgC4qSxNZ
The software supply chain has a new predator. 🐛
Meet Iron Worm, the "rustier cousin" of the infamous Shai-Hulud worm. Just like its predecessor, it burrows into dev environments, steals credentials, and self-propagates through trusted GitHub and npm workflows.
Except this one is built in heavy, async Rust, hides behind an eBPF kernel rootkit, and talks over Tor.
Full teardown of the beast:
https://t.co/9Tn4G8tluW
See our full technical blog:
https://t.co/G8YNXtD2KE
🚨 Security Alert: Multiple Red Hat Cloud Services npm packages have been compromised in a new supply chain incident (@redhat-cloud-services)
The embedded malware executes silently upon installation, targeting local environments to harvest sensitive CI/CD secrets and cloud access tokens.
We will share our full technical analysis blog post soon. Stay tuned. 🛡️
Who to follow
Department of Education and Youth
@Education_Ire
Official X account of the Department of Education and Youth, Ireland.
https://t.co/C01DWAgq0r
Soufiane
@S0ufi4n3
A random infosec/science enthusiast guy...
This account is personal and only reflects my opinions, not those of my employer...and if it hurts your feelings🖕
urlscan.io
@urlscanio
A sandbox for websites - Find malicious websites and phishing - https://t.co/LfPJPBGXFV - https://t.co/XjI4zJaBBp - #threatintel #cybercrime #infosec #web #phishing
JFrog Catalog users can follow this ongoing campaign with the new label, "Miasma: The Spreading Blight"
(will be live soon)
The malware is a Shai Hulud / TeamPCP paylaod
List of compromised packages:
@redhat-cloud-services/chrome
@redhat-cloud-services/compliance-client
@redhat-cloud-services/config-manager-client
@redhat-cloud-services/entitlements-client
@redhat-cloud-services/eslint-config-redhat-cloud-services
@redhat-cloud-services/frontend-components
@redhat-cloud-services/frontend-components-advisor-components
@redhat-cloud-services/frontend-components-config
@redhat-cloud-services/frontend-components-config-utilities
@redhat-cloud-services/frontend-components-notifications
@redhat-cloud-services/frontend-components-remediations
@redhat-cloud-services/frontend-components-testing
@redhat-cloud-services/frontend-components-translations
@redhat-cloud-services/frontend-components-utilities
@redhat-cloud-services/hcc-feo-mcp
@redhat-cloud-services/hcc-kessel-mcp
@redhat-cloud-services/hcc-pf-mcp
@redhat-cloud-services/host-inventory-client
@redhat-cloud-services/insights-client
@redhat-cloud-services/integrations-client
@redhat-cloud-services/javascript-clients-shared
@redhat-cloud-services/notifications-client
@redhat-cloud-services/patch-client
@redhat-cloud-services/quickstarts-client
@redhat-cloud-services/rbac-client
@redhat-cloud-services/remediations-client
@redhat-cloud-services/rule-components
@redhat-cloud-services/sources-client
@redhat-cloud-services/topological-inventory-client
@redhat-cloud-services/tsc-transform-imports
@redhat-cloud-services/types
PSA: False positive regarding npm "puppeteer" v25.0.1.
Yesterday, GHSA flagged npm "puppeteer" v25.0.1 (10M+ weekly downloads) as malicious (GHSA-8r2f-2qg4-cv9v). Despite this version being over 2 weeks old, automated alerts suddenly spiked.
Good news: This is a FALSE POSITIVE. Our JFrog Security research team monitors with a human in the loop to verify threats, so automated errors don't shut down production for our customers. 🛡️🐸
@safedepio Thanks for referencing our blog! Really enjoyed your take on this. Keep up the great work! ���
@AndreGironda Thank you for referencing our piece! Great read, we really appreciate the share.
Seems like OSV got the message, but in the fix process, deleted a truly malicious package entry:
@tanstack/solid-router-devtools (1.166.16, 1.166.19)
from one of the recent Shai-Hulud attacks
https://t.co/2mV44I48A9
Heads up if your CI pipelines are failing right now! 🚨 OSV seems to be experiencing a major wave of false positives over the last few hours, incorrectly flagging massive, highly-trusted packages as malicious.
A few of the biggest casualties so far:
• npm @tanstack/start-storage-context (1.167.4)
• PyPI fastapi (0.136.3)
• PyPI strawberry-graphql (0.315.6)
• npm @nx/key (5.0.7)
If your deployment is bricked, verify manually before panicking. Automation is a tool, not a judge.
@cdiamond This isn’t just a “gatekeeping new releases” issue. False positives affecting packages already in production can create serious operational outages.
Security teams are falling into the dangerous #AIgovernancegap where confidence is overplayed, and enforcement is underpowered.
In our 2026 Software Supply Chain Security State of the Union, we found as expected that the attack surface has expanded to include AI models, IDE extensions, and #MCP servers, leaving traditional defenses demonstrably unequipped.
Is your governance running continuously where it matters?
Ready to deep dive into the AI governance gaps and how to close them?
We unpack this and more of the report's findings in our latest blog: https://t.co/UMxnVZpvmT
#devgovops #devsecops #devops #CyberSecurity #SoftwareSecurity
#AI has changed how software is built, and how fast it can be attacked. In our 2026 Software Supply Chain Security State of the Union, we found:
📈 Malicious npm packages surged 451%
🤖 Injection vulnerabilities spiked 3,110%
⏱️ 48% of organizations need 1+ week to generate proof for a compliance audit
The AI Governance gap is real - In other words the gap between reported security confidence and actual coverage is wider than most teams realize and the 2026 data shows exactly where.
Read the full report to find out where your defenses stand: https://t.co/3NElYMOnYT
#DevGovOps #DevSecOps #SoftwareSupplyChain #Cybersecurity #AppSec
@nutildah JFrog Curation customers using an immaturity policy were fully protected from this attack, as all of the hijacked packages were flagged in less than 24 hours.
“Shai Hulud: Here We Go Again” (May 19 wave) PyPI supply chain campaign has returned! “durabletask” versions 1.4.1, 1.4.2, 1.4.3 have been compromised. These versions have been uploaded to PyPI ~2 hours ago and are STILL LIVE 🧵
We have updated our blog with the technical details:
https://t.co/YcMJmkTrtb
The malicious versions have now been yanked
This payload’s primary new capability is wormability - it now spreads itself laterally across AWS environments (via SSM) and Kubernetes clusters (via kubectl exec), turning a single compromise into a multi-host infection!
See our blog for more information.
The malicious packages download new payloads - “managed.pyz” and “rope.pyz” which are extremely similar to the “transformers.pyz” payload previously analyzed by our team - https://t.co/2mV44I48A9
Last Seen Users on Sotwe
Sexy Girl
Seen from Thailand
RyanskaUtomo
Seen from Indonesia
DOYUMSUZ TÜRBANLI
Seen from Turkey
Manuel Zahir
Seen from United Arab Emirates
Meme hastasi
Seen from Netherlands
Vạn sử khởi đầu nan tương lai ( chưa tính )
Seen from Vietnam
Deniz Kaya
Seen from Netherlands
𓆩Suzie𓆪💖HOT WEEK ON OF 💖
Seen from Mexico
Aktif CD
Seen from Turkey
YEHH SEKUPANG
Seen from Malaysia
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers