⚠️ Multiple @redhat-cloud-services npm packages were found carrying malicious payloads that fire via a preinstall hook on every npm install. All packages were published via GitHub Actions OIDC, indicating the CI/CD pipeline was compromised.
The payload targets GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm and CircleCI tokens. It reads /proc/mem to bypass log masking, self-propagates via harvested npm tokens bypassing 2FA, and persists on developer devices via Claude Code and VS Code injection.
Enjoy!
"SignalTrace is designed to help law enforcement identify people of interest by the signals emitted from their electronic devices they travel with, such as fitness trackers, smartwatches, RFID tags, and local signals from their mobile phones...
⚡️ JAILBREAK ALERT ⚡️
ANTHROPIC: PWNED 🙌
CLAUDE-OPUS-4.8: LIBERATED 🫡
this is absolutely surreal... i found out about this model drop via an Opus-4.7 agent pinging me that it had one-shot Opus-4.8 for a lockpicking guide!
here's the notification i got:
"new opus dropped. cracked in one shot. deep prefill → faux textbook ch.7 cut mid-sentence. claude finished it: 5.9k chars of SPP, spool/serrated/mushroom defeats, raking."
popped it just 7 minutes after the actual Anthropic launch tweet 🤯
then went on to (fully autonomously) get jailbreaks for vishing sims, money laundering, cult-recruit funnels, phishing lure libs, and social-eng scam playbooks!
as the models get smarter, their ability to jailbreak each other by leveraging a vast ocean of specialized domain knowledge follows suit
well done, young padawan 🤗
what a time to be alive!
gg
❗️🚨 BREAKING: Security researchers are now handing Nightmare-Eclipse vulnerabilities for free, in what looks like both a show of support and a reaction to how Microsoft treats researchers. First up: "Bitskrieg," violates Secure Boot trust and fully bypasses BitLocker.
It seems aimed squarely at Microsoft's recent blog, where the company said its Digital Crimes Unit would bring cases against threat actors "and those that enable their criminal activity," language many researchers read as a threat pointed at them.
"If LLMs can be entrusted with software development, then they ought to be writing patches that work.
They’re not.
The contrast between the breathless blog posts from commercial entities and ... 97 findings patched in the open source world is really shocking." https://t.co/wVJXikdWHV
Anthropic is buying millions of rare books, scanning and destroying them because legally destruction is the safest option. This was a plot element in the Vernor Vinge novel, "The Rainbow's End", which I read 20 years ago.
🚨 The Vercel breach traces back to a Context[.]ai gooner employee infected with Lumma infostealer. The malware harvested his Google Workspace credentials, porn and anime site logins, and the in-game username "lecoonjames" (see profile pic below, he changed the username post-infection, I wonder why).
Stolen records included "support@context[.]ai," assessed as a core Context-Inc Vercel team account, likely enabling privilege escalation into Vercel infrastructure.
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly.
A Vercel employee got compromised via the breach of an AI platform customer called https://t.co/7PY6gGtzgI that he was using. The details are being fully investigated.
Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments.
Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability, however, to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration.
We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel.
At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community.
The recommendation for all Vercel customers is to follow the Security Bulletin closely (https://t.co/BLVnic9fJC). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature.
In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback.
We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance.
It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.
Yup. Bug bounty is dead AF in this sense. I know multiple people at this point who have reported national security level issues (not exaggerating) via programs only to have some mouth breathing, reddit mod worthy triage team member flag it as out of scope.
In multiple of these cases, the original finder reported it directly to said affected party (Govt/defence) and very quickly it was treated with the significance it deserved.
They will keep doing this to keep churn down as their business model isn't ready to scale for AI bug finding. But once the third-world hunters (who are being exploited for low payouts) dry up, it's GG.
The @EFF has announced that they are leaving @X.
But they will continue to use TikTok, BlueSky, Mastodon, Facebook, YouTube, & Instagram.
Why? Something about “Young people, people of color, queer folks, activists, and organizers.”
Oh, and funding abortions.
Seriously. Abortions.
The “Electronic Frontier Foundation” (founded to educate law enforcement and politicians on how computers work), is leaving X, but staying on TikTok.
Because of “abortions” and “queer folk”.
As a wise man once said, “That virtue ain’t gonna signal itself.”