Instagram Monitor: Powerful, real-time OSINT suite for tracking every activity on Instagram - from story updates and bio changes to follower shifts, providing stunning dashboards and instant alerts to keep you in the loop.
GitHub: https://t.co/sMRLl9yL9h
this is such a tired narrative. all the best founders i know pull borderline hazardous hours too, but are keen to keep others insulated from this behavior. it’s the choice they made when they started the company. bragging about it is poor positioning
php devs, we no longer need to duct-tape python scripts just to parse a pdf 😭
launching Parsel: a fast memory efficient local document parser for PHP.
pdfs, office docs & images → text, structured data, bboxes, screenshots.
built for AI/RAG, NLP, invoices, search, and messy docs.
composer require shipfastlabs/parsel
Generative AI doesn’t run on magic. It runs on massive data pipelines built on privacy violations by design.
Our new @Amnesty report exposes how big tech’s AI systems are powered by surveillance, data extraction, and abuse of people’s rights, at scale.
We researched the models powering some of the most popular publicly available standalone generative AI tools, including GPT 3 by Open AI, Google’s Gemini, Meta’s Llama, DeepSeek and tools by Midjourney and Stable Diffusion.
This is not innovation at any cost. It comes at a high price: our human rights.
Read the report: https://t.co/MGRonqai7o
⚡️ JAILBREAK ALERT ⚡️
ANTHROPIC: PWNED 🙌
CLAUDE-OPUS-4.8: LIBERATED 🫡
this is absolutely surreal... i found out about this model drop via an Opus-4.7 agent pinging me that it had one-shot Opus-4.8 for a lockpicking guide!
here's the notification i got:
"new opus dropped. cracked in one shot. deep prefill → faux textbook ch.7 cut mid-sentence. claude finished it: 5.9k chars of SPP, spool/serrated/mushroom defeats, raking."
popped it just 7 minutes after the actual Anthropic launch tweet 🤯
then went on to (fully autonomously) get jailbreaks for vishing sims, money laundering, cult-recruit funnels, phishing lure libs, and social-eng scam playbooks!
as the models get smarter, their ability to jailbreak each other by leveraging a vast ocean of specialized domain knowledge follows suit
well done, young padawan 🤗
what a time to be alive!
gg
A Reddit user found out that Motorola phones have started hijacking the Amazon app to insert affiliate codes - on a phone that cost $1,900 - talk about greed..
🚨 Supply chain attack on the Laravel Lang organization:
700+ historical versions across multiple community-maintained Laravel Lang packages were compromised with an RCE backdoor, including:
laravel-lang/lang
laravel-lang/http-statuses
laravel-lang/attributes
Laravel-Lang/actions
The payload targets cloud creds, CI/CD secrets, Kubernetes tokens, Vault, browser data, password managers, SSH keys, and more.
Good to see people researching and publishing on this. Worth paying attention to Passkey and FIDO 2FA security in the context of malicious client-side JS and supply chain attacks. We’re not seeing this attack often yet, but we'll likely see more now that everything moves faster.
@ashleyhindle Me too, but really nothing worked, like i could see the cursor moving but nothing else did anything 😄 when clicking on an icon in the dock, the app showed like it was force closed even though its window was still shown 😂 funny lil thing
Remember just a couple years ago when using electricity and diesel caused climate change, now data centers use as much power as cities and it's no problem
Most PHP devs know PSR-4 and PSR-12. But there are other standards you’re probably ignoring that change how you write PHP entirely.
PSR 7, 14, 15, 17, and 18 - they give you a complete model for HTTP-aware PHP that’s tied to no framework.
Write to the interface, not the implementation.
https://t.co/EvqrpZiJvJ
🚨 How the TanStack npm attack actually happened:
1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo.
2. GitHub automatically ran CI tests on that PR.
3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run.
4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays.
5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.
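A defensive check for the trust boundary crossed in steps 3 to 5, as an added example that is not code from TanStack, GitHub or the post's author: it reports publishing workflows that restore a cache key prefix also used by a pull-request-triggered workflow. The regex heuristics, file names and sample workflow text are constructed assumptions.

```python
import re

# Heuristic patterns; assumptions of this example, not a complete rule set.
PUBLISH = re.compile(r"\b(?:npm|pnpm|yarn)\s+publish\b")
PR_TRIGGER = re.compile(r"^[ \t]*on:.*\bpull_request|^[ \t]+pull_request(?:_target)?[ \t]*:", re.M)
CACHE_KEY = re.compile(r"^[ \t]*key:[ \t]*(\S.*)$", re.M)

def key_prefixes(text):
    """Static part of each cache key: the text before the first ${{ ... }}."""
    return {k.split("${{")[0].strip("'\" ") for k in CACHE_KEY.findall(text)} - {""}

def audit(workflows):
    """(release_file, pr_file, prefix) for each cache key prefix that a
    publishing workflow shares with a pull-request-triggered workflow."""
    pr = {n: key_prefixes(t) for n, t in workflows.items() if PR_TRIGGER.search(t)}
    return sorted(
        (name, pr_name, prefix)
        for name, text in workflows.items() if PUBLISH.search(text)
        for pr_name, prefixes in pr.items()
        for prefix in prefixes & key_prefixes(text)
    )

# Constructed sample workflows (not taken from any real repository).
CACHE_STEP = """      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps-${{ hashFiles('pnpm-lock.yaml') }}
"""
SAMPLE = {
    "ci.yml": "on:\n  pull_request:\njobs:\n  test:\n    steps:\n"
              + CACHE_STEP + "      - run: pnpm test\n",
    "release.yml": "on:\n  push:\njobs:\n  publish:\n    steps:\n"
                   + CACHE_STEP + "      - run: pnpm publish\n",
    "docs.yml": "on:\n  push:\njobs:\n  build:\n    steps:\n      - run: pnpm docs:build\n",
}

if __name__ == "__main__":
    for release, pr_wf, prefix in audit(SAMPLE):
        print(f"{release}: cache key prefix {prefix!r} is also used by PR workflow {pr_wf}")
```

A finding means the release job consumes build state that a job running untrusted PR code also touches; building release artifacts without restoring that cache removes the dependency.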
🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading.
Newly confirmed compromised artifacts:
@opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads)
mistralai: 2.4.6 on PyPI
guardrails-ai: 0.10.1 on PyPI
additional @squawk/* packages on npm
guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.pyz, writes it to /tmp/transformers.pyz, and runs it with python3 without integrity verification.
The git-tanstack.com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds
Regardless I just came to say hello :^)”
The page also linked to a YouTube video and you can probably guess which one.