He began by replicating Mythos findings with his specialized harness.
Then went on to find more critical novel zero days in open source code that he can't share yet because they're not fixed.
TL;DR - harnesses are where the magic is. https://t.co/e8jhbktBKQ
New Robinhood phishing chain that's kinda beautiful:
1. Attacker creates an RH account using the Gmail dot trick of your email (same inbox, different address)
2. Sets device name to HTML
3. RH's "unrecognized activity" email renders the device name unsanitized (html injection)
The result is a real email from [email protected], DKIM pass, SPF pass, DMARC pass, with a phishing CTA
Just because it's real, doesn't mean it's safe... $HOOD
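The rendering bug described in that chain, as an added example that is not from the post or from Robinhood: a user-controlled device name interpolated into an HTML email unescaped, next to the fixed version that escapes at the output boundary and an input-time allowlist check. The template, the placeholder link and the device names are all constructed for illustration.

```python
import html
import re

# Constructed sample: a device name containing markup (a placeholder link, not a real one).
DEVICE_NAME_WITH_MARKUP = '<a href="https://example.invalid/verify">Verify account</a>'

# Constructed stand-in for an "unrecognized activity" notification template.
TEMPLATE = (
    "<p>We noticed a sign-in from a new device:</p>"
    "<p><b>{device}</b></p>"
    "<p>If this wasn't you, review your account security settings.</p>"
)


def render_alert_unsafe(device_name: str) -> str:
    """The bug pattern: user-controlled text dropped into HTML as-is."""
    return TEMPLATE.format(device=device_name)


def render_alert_safe(device_name: str) -> str:
    """Fix: escape at the output boundary so any markup in the name renders as text."""
    return TEMPLATE.format(device=html.escape(device_name, quote=True))


# Defense in depth: device names only need a small character set, so reject the rest at input time.
DEVICE_NAME_RE = re.compile(r"^[\w .\-']{1,64}$")


def validate_device_name(device_name: str) -> bool:
    """True only for names made of word characters, spaces, dots, hyphens and apostrophes."""
    return DEVICE_NAME_RE.fullmatch(device_name) is not None
```

Escaping at render time is the fix that closes the bug; the input check only limits how much markup can ever reach the template.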
i went to https://t.co/0yaHjrptb3. opened the page source. found a hardcoded API key in the javascript. copied it. sent one GET request.
got back 959 email addresses and 3,165 internal feature flags.
employees from Home Depot. Fortinet. Autodesk. Tenable. Rakuten. Mayo Clinic. Permira. Akin Gump. government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland Australia, and New Zealand. a Microsoft contractor. 71 clickup employees.
fortinet sells enterprise firewalls. tenable makes Nessus, the vulnerability scanner half the industry runs. their employees' emails are exposed because clickup hardcoded a third party API key in a javascript file that loads before you even log in.
this was first reported to clickup through hackerone on January 17, 2025. it's now April 2026. the key has not been rotated. i just pulled the response five minutes ago. every email is still there.
clickup raised $535 million at a $4 billion valuation. claims 85% of the Fortune 500 use their platform. looks like the proof is in the page source.
so claude code's entire safety system for "dangerous" cyber security work is just...a text prompt
literally replace it with an empty string and recompile. that's it. enjoy your unrestricted version
A tiny piece of code called axios runs inside almost every app on your phone and every website you visit. Developers download it 100 million times a week. A few hours ago, someone poisoned it with malware that hands an attacker full control of your computer.
If you’ve never heard of axios, that’s normal. It does one boring but important job: it lets apps talk to the internet. When a website pulls up your feed or an online checkout processes your card, axios is probably doing the work underneath. Over 173,000 other code packages plug into it. It’s everywhere.
The attacker stole a lead developer’s login for npm (think of it as an app store, but for code that programmers use to build software). Once inside, they swapped the developer’s email to an anonymous ProtonMail account and uploaded the poisoned version by hand. That jumped past every security check the project normally runs before new code goes live.
And this was not some rushed job. The attacker staged the malware at least 18 hours before pulling the trigger. They built separate versions for Windows, Mac, and Linux. They poisoned both the current version and an older one within 39 minutes of each other, casting the widest net possible. Once the malware ran on a machine, it deleted itself to cover its tracks.
The trick was smart. They never touched a single line of code inside axios itself. Instead, they tucked in a fake add-on called plain-crypto-js, built to pass as a well-known, trusted library. It copied the real library’s description and author info, so nothing looked off at a glance. When a developer installed axios, this fake package quietly ran the malware on its own.
When a smaller package called ua-parser-js got hijacked back in 2021 with about 8 million weekly downloads, the security world treated it like a four-alarm fire. Axios has 100 million. Over 12x the exposure, with 173,000+ packages depending on it.
Socket, the security firm that flagged this, caught it in about 6 minutes. That’s fast. But 6 minutes is still plenty of time for automated systems at companies everywhere to pull and install the bad version before anyone can react.
If you or your team runs axios: lock your version to 1.14.0 (or 0.30.3 for the older branch). Change every password, API key, and access token on any machine that installed the compromised update. And check your network logs for connections to sfrclak dot com or the IP address 142.11.206.73.
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
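A lockfile audit for the two incidents above (the axios/plain-crypto-js npm compromise and the litellm 1.82.8 PyPI release), added here as an example and not code from either post or project. The indicator values come from the posts; the lockfile layout handled is npm's lockfileVersion 2/3 "packages" map, and the sample inputs are constructed.

```python
import json

# Indicators taken from the posts above; everything else in this script is an assumption.
AXIOS_SAFE_VERSIONS = {"1.14.0", "0.30.3"}
NPM_BAD_PACKAGES = {"plain-crypto-js"}
PYPI_BAD_PINS = {("litellm", "1.82.8")}


def audit_package_lock(lock_text: str) -> list[str]:
    """Flag findings in an npm package-lock.json (lockfileVersion 2/3 'packages' map)."""
    findings = []
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested and scoped paths
        version = meta.get("version", "")
        if name in NPM_BAD_PACKAGES:
            findings.append(f"{path}: unexpected package {name}@{version}")
        if name == "axios" and version not in AXIOS_SAFE_VERSIONS:
            findings.append(f"{path}: axios@{version} is not a pinned safe version")
    return findings


def audit_requirements(req_text: str) -> list[str]:
    """Flag exact pins of known-bad PyPI releases in a pip freeze / requirements file."""
    findings = []
    for line in req_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "==" not in line:
            continue
        name, version = (part.strip() for part in line.split("==", 1))
        if (name.lower(), version) in PYPI_BAD_PINS:
            findings.append(f"{name}=={version} is a known-bad release")
    return findings


# Constructed sample inputs (not real lockfiles from any project).
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/axios/node_modules/plain-crypto-js": {"version": "0.0.1"},
        "node_modules/some-other-dep": {"version": "2.0.0"},
    },
})
SAMPLE_REQS = "dspy==2.5.0\nlitellm==1.82.8  # pulled in transitively\nrequests==2.31.0\n"
```

Run both audits in CI against the committed lockfiles; a non-empty findings list should fail the build before anything is installed.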
This is wild.
143 million people thought they were catching Pokémon. They were actually building one of the largest real-world visual datasets in AI history.
Niantic just disclosed that photos and AR scans collected through Pokémon Go have produced a dataset of over 30 billion real-world images. The company is now using that data to power visual navigation AI for delivery robots.
Players didn't just walk around with their phones. They scanned landmarks, storefronts, parks, and sidewalks from every angle, at every time of day, in lighting and weather conditions that staged photography would never capture. They documented the physical world at a scale no mapping company with a fleet of vehicles could have replicated on the same timeline or budget.
Niantic collected this systematically, data point by data point, across eight years, while users thought the only thing at stake was catching a rare Charizard.
The most valuable AI training datasets in the world aren't being assembled in data centers. They're being built by people who have no idea they're building them.
Google suggests you expose API keys client side for things like Google Maps. Google changed the permission boundaries for this overnight to push AI aggressively, so that the API keys can access Gemini as long as Gemini is enabled for the associated GCP project.
for years, society was limited to only 16 syrup squares per waffle but with recent combinatorial optimization breakthroughs our research department has achieved previously unheard of densities of waffle syrup
We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others.
NDSS'26 paper: https://t.co/MI567gb2Jr
GitHub: https://t.co/Ns9nn9JEZM
> be Sammy Azdoufal, software engineer
> spend $2000 on DJI Romo vacuum
> decide to control it with xbox controller like a chad
> use Claude to reverse engineer the API
> It works because Claude is the GOAT
> just need to grab auth token from their cloud servers
> token works... Claude is unbeaten
> wait why is he authenticated as 7000 devices
> ohno.jpg
> backend trusted any valid token for any device, no ownership verification
> mfw Sammy has live camera feeds from vacuums in 24 countries
> watching some german dude eat cereal at 3am
> can pull SLAM data and get floor plans of everyone's house
> could be the world's most efficient burglar
> could be the world's most at scale pervert
> Sammy just wanted to drive his vacuum bro
> reports it like a responsible adult
> DJI patches in 2 days
> back to being a normal guy with overpriced roomba
> mfw the entire IoT industry treats auth like it's 2005
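The ownership bug in that story, as an added example that is not DJI's code or the poster's: a device API handler that only checks that a token is valid, beside one that also checks the caller owns the requested device. The in-memory tables, tokens and device ids are all constructed.

```python
# Constructed in-memory tables; users, tokens and device ids are made up for the example.
DEVICES = {"vac-001": {"owner": "alice"}, "vac-002": {"owner": "bob"}}
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


class Unauthorized(Exception):
    """No valid token presented."""


class Forbidden(Exception):
    """Valid token, but the caller may not access this resource."""


def authenticate(token: str) -> str:
    """Map a bearer token to a user id; reject unknown tokens."""
    try:
        return TOKENS[token]
    except KeyError:
        raise Unauthorized("invalid token") from None


def get_camera_feed_unsafe(token: str, device_id: str) -> str:
    """Bug pattern from the post: any valid token can read any device."""
    authenticate(token)
    return f"feed:{device_id}"


def get_camera_feed_safe(token: str, device_id: str) -> str:
    """Fix: authenticate, then verify the caller owns the requested device."""
    user = authenticate(token)
    device = DEVICES.get(device_id)
    # Same error for missing and foreign devices, so the response does not reveal which ids exist.
    if device is None or device["owner"] != user:
        raise Forbidden("device not found or not owned by caller")
    return f"feed:{device_id}"


def is_denied(handler, token: str, device_id: str) -> bool:
    """True if the handler refuses the request for authorization reasons."""
    try:
        handler(token, device_id)
    except (Unauthorized, Forbidden):
        return True
    return False
```

Authentication answers "who is calling"; the ownership check answers "may they touch this device", and the second question has to be asked on every device-scoped endpoint.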
New art project.
Train and inference GPT in 243 lines of pure, dependency-free Python. This is the *full* algorithmic content of what is needed. Everything else is just for efficiency. I cannot simplify this any further.
https://t.co/HmiRrQugnP
millions of people doxxing themselves every day without even knowing. If you spend the time analysing reports, you can determine where somebody lives and works.
We @wiz_io responsibly disclosed this to @AWSSecurityInfo, who promptly fixed the issue in under 48 hours! They also implemented new safeguards in CodeBuild to prevent similar attacks.
For the full story, check out our blog >>> https://t.co/T1IHfjy4B8
I'm Boris and I created Claude Code. Lots of people have asked how I use Claude Code, so I wanted to show off my setup a bit.
My setup might be surprisingly vanilla! Claude Code works great out of the box, so I personally don't customize it much. There is no one correct way to use Claude Code: we intentionally build it in a way that you can use it, customize it, and hack it however you like. Each person on the Claude Code team uses it very differently.
So, here goes.
MongoBleed (CVE-2025-14847) is basically Heartbleed for MongoDB
- unauthenticated memory disclosure
- public POC, trivial to exploit
- leaks creds, tokens, cloud keys straight from RAM
- huge exposed surface on the internet
Good writeups and technical details here:
https://t.co/LgK4RABmJu
https://t.co/DWtByJQ3au
https://t.co/LUwfnF6uXG
Patch fast, rotate secrets, and assume exposed instances were scanned (!)