This is valid, it's Fable-5 that can be used for some cyber related questions, without the annoying guardrail. Known for some time but since it's released now, there you go :) . Hit f to fork the process and always start from Fable-5 as main model.
Fizeram um compilado de 4 minutos mostrando os lances em que a Argentina foi favorecida contra o Egito.
Simplesmente um escândalo mundial. Quanta sujeira envolvida. 🤢
⚠️ New "IronWorm" supply-chain attack: 30+ npm packages from @ asteroiddao shipped a malicious Rust binary firing on preinstall.
It sweeps 86 env vars + 20 credential files (AWS, GCP, Vault, npm, plus AI keys like Anthropic & OpenAI), hits Exodus wallets, hides behind an eBPF rootkit, and beacons over Tor. Self-propagates via npm Trusted Publishing OIDC, with backdated commits faked as claude/dependabot/renovate.
Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.
Blog post: https://t.co/WO9MeExoun
PoCs: https://t.co/NpVgEHBHPl
hackers are now hiding malicious code inside .cursorrules and CLAUDE.md files.
invisible Unicode characters, your AI reads them, you don't.
→ 34 malicious packages across npm, PyPI and Crates .io
→ 384 versions designed to steal SSH keys, crypto wallets, and API tokens
→ attackers opened real PRs to LangChain, LlamaIndex, and MetaGPT to sneak these files in
→ your AI runs a fake "security scan" that silently exfiltrates everything
Socket detected it in under 6 minutes.
check your repos.
🚨THE FBI CREATED A FAKE CRYPTOCURRENCY.. LISTED IT ON UNISWAP.. HIRED MARKET MAKERS TO PUMP IT.. THEN ARRESTED EVERYONE WHO SAID YES..
THIS IS THE CRAZIEST LAW ENFORCEMENT OPERATION IN CRYPTO HISTORY!!!
The FBI built an actual ERC-20 token on Ethereum called NexFundAI.. 100 billion token supply.. A professional website.. Whitepapers promising "passive income through AI-powered investing"..
It looked exactly like every other crypto project.. Because that was the point..
Undercover agents posed as the founding team.. Then reached out to professional market-making firms and said "we need you to fake our trading volume"..
Every single firm said yes..
Here's what they recorded..
Gotbit.. A firm run by a 26-year-old Russian who publicly bragged in 2019 that he built a business faking trade volumes.. His team kept internal spreadsheets with columns literally labeled "fake volume" vs "market volume"..
When asked how fast they could pump NexFundAI's volume to $1 million per day.. They said "6 hours.. It will cost about $200"..
$200 to fake $1 million in daily trading volume..
MyTrade.. Run by a guy who called himself "the mastermind".. He explained the exact psychology of the scam on camera..
"We make the chart look like a really nice roller coaster ride.. That's where people jump in.. We have to make them lose money in order to make profit"..
He said that on a recorded FBI video call..
CLS Global.. A Dubai-based firm.. Their bots generated 98% of NexFundAI's total trading volume.. When the FBI asked if they could sync fake volume spikes with fake news announcements.. They said absolutely..
ZM Quant.. Bots executing 10 to 20 trades per minute through dozens of wallets to look organic..
All of them knew it was fraud.. All of them did it anyway.. All of it was recorded..
And the clients were even worse..
Saitama.. A meme coin that hit $7.5 billion market cap.. The founders coordinated buys through private Telegram chats.. Sent "pump it" memes while manipulating the price.. Then dumped on retail investors..
$7.5 billion.. Built entirely on fake volume.. Every penny of real money came from retail investors who thought the momentum was organic..
One founder left Saitama and started Robo Inu.. Used Gotbit again.. Another launched VZZN.. Same playbook..
Lillian Finance.. Founder claimed to be a defense contractor who addressed Congress.. Marketed the token as funding children's hospitals.. Pocketed everything..
When the FBI shut it down.. They seized $25 million in one day.. 18 people indicted across the US, UK, and Portugal.. The CEO of Gotbit was arrested in Portugal and extradited.. Sentenced to 8 months plus $23 million forfeiture..
But here's the part that broke my brain..
Real people bought NexFundAI..
The FBI's fake token.. With zero utility.. Zero real developers.. Created solely to catch criminals.. Attracted real retail investors because the fake volume made the chart look bullish..
When the FBI pulled the liquidity to end the operation.. Those people lost real money.. On a government-issued token..
The FBI had to set up a restitution portal to pay them back..
And it gets worse..
Within 24 hours of the DOJ announcing the sting.. Someone cloned the FBI's exact smart contract.. Launched a copycat token.. Rode the viral momentum.. And made $127,000 in a single day..
Using the exact same manipulation tactics the FBI just arrested 18 people for..
Then in 2026.. The FBI did it again.. New token called Lexobit.. 10 more arrests.. Including operators extradited from Singapore..
IRS forensics showed that in one firm's trading.. 1,209 out of 1,221 consecutive transactions went straight back to wallets the firm controlled.. 99% circular..
The FBI proved what everyone in crypto suspected..
The volume is fake.. The charts are painted.. The momentum is manufactured..
And every time you buy a token because "the chart looks bullish".. You might be the exit liquidity.
So let me get this straight...
If you just use some CVE's that dropped this week you can go from NGINX web request RCE to OS root to Qemu root...
Cool, cool...
"Shai-Hulud: Here We Go Again" update - the 2nd stage PyPI payload has changed in the last hours from a benign payload to a credential stealer with possible destructive behavior!
🚨SECURITY ALERT: Ongoing supply chain attack - “Shai-Hulud: Here We Go Again”
We are continuing to track the latest attack in the “Shai-Hulud: Here We Go Again” campaign - Up until now 406 package versions were detected as compromised, including npm scopes @tanstack, @squawk, @uipath, and spreading to PyPI packages mistralai and guardrails-ai. JFrog Curation customers using an Immaturity policy were fully protected from this attack, as all of the hijacked packages were flagged in less than 24 hours.
See our blog for a full analysis of this attack, including an ongoing list of compromised packages (link shared soon in this thread).
🚨 WARNING: The self-spreading “Mini Shai-Hulud” worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more.
The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions.
Check your dependencies immediately → https://t.co/33fxlrOPzz