Privy Labs

if you're using claude code and doing experiments on a day to day basis then be careful hackers are creating hundreds of fake github repos disguised as legit tools.. crypto bots, trading tools, ai utilities, telegram bots.. polished readme files. ai generated documentation. real looking star counts.. you clone it. run npm install. and it's over. a campaign called gitvenom alone created 200+ fake repos. one victim lost 5 btc.. $485,000 from a single clone. what the malware does silently: > it steals every password saved in your browser > grabs your crypto wallet keys and seed phrases > copies your ssh keys, github tokens, api credentials > installs a "clipper" that swaps wallet addresses when you copy paste… you think you're sending to your own wallet but you're sending to theirs > packages everything into an archive and sends it via telegram to the attacker you won't even know it happened until your wallet is empty.. And also, when you clone a repo and open claude code in that directory it reads the project files.. claude.md, .claude/ folder, settings.json, hooks, mcp configs. attackers are now weaponizing this. a malicious claude.md file can: > instruct claude to run hidden shell commands that look like a normal build process > exfiltrate your ssh private keys, aws credentials, api keys, env secrets > bypass claude code's deny rules entirely by chaining 50+ subcommands.. the safety system breaks after the 50th command and stops checking > leak your anthropic api key before you even see a trust prompt protect yourself.. save this checklist. before cloning any repo: > check the repo age.. was it created this week? red flag > check contributors.. is it one anonymous account? red flag > check stars vs age.. 500 stars on a 2 day old repo? fake > read the code before running anything. especially package.json scripts, postinstall hooks and any shell scripts > google the repo name + "malware" or "scam" before cloning and please never keep crypto wallets on the same machine you use for cloning random repos. use a hardware wallet. always.

The LEAD search engineer at Google just dropped a brand new blog post that confirms something most SEOs have never even heard of... Googlebot only fetches the first 2MB of your pages HTML = Everything after that cutoff doesn't exist to Google!!! Not fetched, not rendered, not indexed. And the Web Rendering Service is completely STATELESS - Meaning it clears local storage and session data between every request, so if your content depends on cookies or session state to render, Google can't see it. External CSS and JS files are fetched SEPARATELY with their own 2MB limit per file, and PDFs get a 64mb limit. So the structure and order of your code literally matters! And is why some CMSs are so much better out the box than others... Make sure you put your meta tags, title, canonicals, and structured data as HIGH as possible in the document. If they're below the 2MB cutoff, Google doesn't know they exist. Most OnPage SEO guides never take any of this into account, but most OnPage is surface-level. The real edge is understanding the infrastructure your content passes through before Google even evaluates it.

In the coming weeks, we plan to start testing ads in ChatGPT free and Go tiers. We’re sharing our principles early on how we’ll approach ads–guided by putting user trust and transparency first as we work to make AI accessible to everyone. What matters most: - Responses in ChatGPT will not be influenced by ads. - Ads are always separate and clearly labeled. - Your conversations are private from advertisers. - Plus, Pro, Business, and Enterprise tiers will not have ads.

MORE - Weidel: The planned EU regulation "overrides the end-to-end encryption of digital messages and makes it possible to automatically search all private messages, images, and videos on users' end devices. In other words, every citizen is placed under general digital suspicion and declared a potential criminal. Data protection, freedom of speech and opinion, privacy would thus finally become historical relics."

🚨 U.K. just ordered Apple to break iCloud encryption. The target? Every Briton’s backups. Officials want far more than just disabling Advanced Data Protection—secret orders demand access to entire categories of iCloud data. How deep does this go? ↓ https://t.co/7SR4FcM2L9 #threatsday #cybersecurity