Olivia
Online
Corentin Bonneton
@Titin_dev
Dev’Ops | Apprenti-dompteur de Pingouin | CEO @HostMyServers
Annecy, France
Joined January 2012
1.7K Following
1.2K Followers
18.9K Posts
🚨 Attackers hijacked 400+ Arch #Linux AUR packages by taking over abandoned projects and changing their build scripts.
The payload stole developer secrets, targeted tokens and SSH keys, and could hide with an eBPF rootkit if it ran as root.
If you used AUR after June 11, check your system.
Details ➝ https://t.co/7ClUL4fKCo
@_SaxX_ On a pas encore eux le temps de voir les effets sur les sociétés FR qui ont déjà eux des fuites ses 24 derniers mois pilotés par des jeunes en école d’informatique 😂
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: https://t.co/bwn0sximKZ
‼️ UPDATE: It just doesn't stop: Almost 900 Arch Linux packages infected now.
https://t.co/xpRTsucoxA
Who to follow
Quentin
@quentin_gbl
CTO at Eltrona (Former AS16347, AS29467, AS24611) - Coach 🏀
MilkyWan 🚀
@milkywan_net
Fournisseur d'Accès à Internet associatif dans toute la France ! https://t.co/N8n0aBnrF5 / https://t.co/bLRyCBhfXg
Cedric S.
@cedric_thd
Ingé réseau-télécom AS41114 OrneTHD / O-THD
🇫🇷 🇩🇪 - Régies ❤️ - IPv6 💪 - 🏍️✌️ - Schlager 🎧 - TV 📺 📡
@bluetouff La chaîne hyperliquid depuis quelques jours c’est un carnage. Infra à 90% au Japon, manque de réactivité des devs sur des issues depuis 3 mois…
Cédric, si jamais : https://t.co/aSb72hzMr2
🚀 Just launched: ExtendDB — an open source DynamoDB-compatible adapter written in Rust.
✅ Full wire-protocol compatibility ✅ PostgreSQL storage backend ✅ Pluggable architecture for more backends ✅ Works with existing AWS SDKs & CLI
Apache 2.0 | v0.1 — come build with us 🛠️
https://t.co/U6xouvSRwX
Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets - StepSecurity https://t.co/dnjfdAMLfM
‼️🚨 MAJOR IMPACT: AI just found an 18-year-old NGINX critical remote code execution vulnerability. It has been disclosed on GitHub including PoC code.
- Affects NGINX 0.6.27 through 1.30.0
- Triggered via the rewrite and set directives in config
- Update NGINX ASAP
- NGINX is a widely used HTTP web server, be sure to check its prevalence in other products
From REST to gRPC: Architecting High-Performance APIs in Python by @VineetSharmaIoT https://t.co/vI5nuOCFlz
Update: Socket has found 121 more compromised npm package artifacts across 84 package names, including 64 UiPath artifacts.
Combined w/ TanStack, the current known total is 205 affected npm package artifacts across enterprise automation, AI/MCP, auth, workflow, and dev tooling.
Yesterday @coinbase experienced a multi-hour service disruption affecting trading, exchange access, and balance updates. Here's our initial read from Coinbase engineering on what happened, how we recovered, and what we're addressing.
At approximately 23:50 UTC on 2026-05-07, our monitoring detected cascading quote failures from internal services that triggered multiple Sev1 incidents that engineering immediately began investigating. Customer-facing impacts included spot trading, Prime, International and derivative exchanges.
Root cause: a thermal event (cooling system failure) inside a subset of racks within a single building in AWS us-east-1. We run a primary replica of our exchange infrastructure in a single zone, consistent with industry standards to reduce latency. To prepare for failures like this, we maintain a distributed standby, but during this incident, failures in the primary zone that were designed to be isolated were not, extending the duration of our outage.
The failure cascaded down two paths:
1. Multiple hardware components beneath our exchange’s matching engine failed, requiring recovery and failover
2. Distributed Kafka clusters that manage messaging across Coinbase systems failed to remain available, also requiring partition failovers to new hardware brokers with many TiBs of data
After isolating the incident: automated tooling drained ~10 Kubernetes clusters worth of related workloads out of the affected zone to stabilize internal services. Most services were back to normal within ~30 minutes of diagnosis. The two things we couldn't automatically drain: the exchange (dedicated hardware and storage) and Kafka (managed service that was designed to be resilient to this, with unique problems).
The exchange matching engine is the core system responsible for processing orders and maintaining order books. It is a distributed cluster and requires quorum to safely elect a leader and continue processing trading activity. During the incident, infrastructure-level constraints in the affected datacenter left only a subset of nodes healthy, preventing the cluster from reaching quorum. As a result, trading across Retail, Advanced, and Institutional exchanges were blocked.
Recovery required our oncall and engineering teams to execute our disaster recovery plan, restore quorum safely, and validate system health under constrained infrastructure conditions. The team built, tested, deployed, and validated the fix while continuing to manage the broader incident.
Kafka recovery was a much larger scale operation. Our primary managed Kafka partitions process many terabytes of data daily and are designed with resiliency guarantees for uninterrupted operation during a datacenter failure just like this. In this case, those guarantees failed and required manual recovery.
We again relied on disaster recovery procedures to recover stuck partitions onto new hardware (brokers) that enabled us to safely bring x-service messaging back online across Coinbase. During the lag, customers saw delayed balance streams which resolved automatically once replication caught up. No data lost.
Once the engine came back up as part of our standard runbooks, we re-opened markets carefully: all products to cancel-only mode first, audited product states, then moved all markets to auction mode, before restoring trading on Coinbase Exchange.
What went right: the team. Incident response across the company came together within minutes, followed well-rehearsed playbooks and used secure automation tooling to recover all services. We have a strong, senior team at Coinbase that worked through rare failure modes to recover all services.
To our customers: losing access to your account, even temporarily, is unacceptable. We know that. We're sorry, and we’ll publish a full root cause analysis in the coming weeks 🙏
"Please meet our new CEO"
The new CEO:
🚨 SECURITY ALERT: The popular PyPI package lightning has been compromised in a supply chain attack.
⚠️ Affected Versions: 2.6.2 and 2.6.3
LE WD-40 c'est la vie !
Lors du marathon , les robots ont besoin d’arrêt au stand, comme des voitures de formule 1
If you’re a Vercel user acting on today’s security incident, here are some best next steps:
> Rotate all secrets in your Vercel dashboard immediately
> Bulk-migrate env vars to sensitive variables (@infisical has a Vercel sync you can use to quickly mark all secrets as sensitive)
> Set up automations to rotate DB creds and API keys on a schedule
> Use dynamic secrets, so DB credentials are short-lived
> Pull secrets at runtime through our SDKs instead of storing them in Vercel
> Make sure you have audit logs to see what was accessed
👉 Attendez-vous à une vague d'annonces de fuites de données dans les prochaines semaines. ➡️7 500+ sites Magento défacés en quelques heures dans une campagne de hacking coordonnée à l'échelle mondiale.
Magento, c'est l'un des CMS e-commerce les plus utilisés au monde — il propulse des centaines de milliers de boutiques en ligne, des PME aux grandes enseignes.
Derrière chaque site compromis : des données clients exposées, des coordonnées bancaires à risque, des tokens de session volables.
Les sites e-commerce qui n'ont pas patché leurs instances Magento sont des cibles faciles.
🔴 Si vous gérez un site e-commerce sous Magento : vérifiez vos versions, auditez vos logs, activez un WAF. Maintenant.
https://t.co/NtwVu6edOC
🚀 Nouveau chez @HostMyServers
Flatcar Linux est disponible en un clic sur vos VPS depuis votre espace client !
Distribution immuable, cloud-native, parfaite pour vos workloads conteneurisés ⚙️🐳 👉 https://t.co/4ajibtaYIB
#Linux #Kubernetes #DevOps #VPS
🚨 Composer 2.9.6 and 2.2.27 are out with fixes for CVE-2026-40261 and CVE-2026-40176, both command injection issues in the Perforce driver. Run composer self-update now. No exploitation detected on https://t.co/Gf5b9WSiRn and Private Packagist. #php #phpc #composerphp
🚩New Axios Vulnerability Exposes Apps to Remote Code Execution
https://t.co/2vJgl7Hhfo
Unfortunately, Axios is in the news again. A critical flaw (CVE-2026-40175) enables remote code execution and full cloud compromise. Attackers can chain prototype pollution, SSRF, and request smuggling to bypass AWS IMDSv2 and steal credentials. A public PoC is already available, increasing risk.
Just two weeks after the Axios npm compromise, another critical issue emerges.
If you rely on Axios, patching and dependency auditing should be a priority.
#Infosec #ThreatHunting #CyberSecurity
Last Seen Users on Sotwe
Gece kuşu
Seen from Italy
jack
Seen from Indonesia
Dr. 𝐽𝑎𝑛𝑎✩
Seen from Saudi Arabia
♠️ Blacked Whiteboi Sissy ♠️ #BNWO ♠️
Seen from Belarus
gizlibeyefendiy
Seen from Turkey
。o°✥✤✣ 🐽♠️منظمة التديث و الخنزرة♠️🐽✣✤✥°o。
ريم الغلاء
الحساب مغلق للابد
Seen from Germany
Türk ifşa
Seen from Turkey
săn lùng trai tuổi teen
Seen from Vietnam
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.6M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.2M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers