Nick Smit

Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments. The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran. To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.

The most insane long game hack of all time! North Korea built an entire trading firm Conference passes In-person meetings Multiple countries Half a year of Telegram messages and working sessions Even $1M of their own capital deposited to look legitimate Then when all the pieces were in place they stole $280M Drift just released the full incident background and it’s wild! Fall 2025: A "quant trading firm" approaches contributors of Drift at a major conference. They Follow up in person across multiple countries. Technically fluent. Verifiable backgrounds. Typical trust building stuff. December-March: They onboard a real Ecosystem Vault and attend working sessions They even deposit $1M to further build ‘trust’ The long con had set in and by early 2026, these weren't strangers anymore They had now built a 6-month working relationship Then they share some repos which is routine stuff The attack vector: a VSCode/Cursor vulnerability flagged by the security community throughout late 2025. Opening a file was enough. Silent code execution. No prompt. No warning. Nothing. The moment the exploit fired, every Telegram message and trace of malware was scrubbed clean No record or trace left Every team managing meaningful TVL is a target and no one is safe from professional jobs such as this Six months of infiltration and a trusted relationship, not just a sketchy email link The bug is patched but the real attack vector was the relationship and patience How do you protect against that? 🤯