CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

No new npm packages compromised?

26 Posts 14 Posters 0 Views

C ciaranmak@mastodon.ie

@starchturrets @cR0w I will report back because tbh if I don't end up out in the pub this evening I'm probably gonna test this one out
V This user is from outside of this forum
V This user is from outside of this forum
viss@mastodon.social

wrote last edited by

#9

@ciaranmak @starchturrets @cR0w oh god yes. docker 0day. shoot that shit right into my veins
S 1 Reply Last reply

0
V viss@mastodon.social

@ciaranmak @starchturrets @cR0w oh god yes. docker 0day. shoot that shit right into my veins
S This user is from outside of this forum
S This user is from outside of this forum
starchturrets@mastodon.social

wrote last edited by

#10

@Viss @ciaranmak @cR0w well runc isn't really a very strong boundary compared to gvisor or kata containers, so I'm not too worried there
1 Reply Last reply

0
C cr0w@infosec.exchange

No new npm packages compromised? No new Linux kernel 0days? Is everyone waiting for EOD or is Friday no longer the day to publish shenanigans?
R This user is from outside of this forum
R This user is from outside of this forum
rikusilvola@infosec.exchange

wrote last edited by

#11

@cR0w here you go https://www.openwall.com/lists/oss-security/2026/05/15/2
1 Reply Last reply
1
0
C cr0w@infosec.exchange

No new npm packages compromised? No new Linux kernel 0days? Is everyone waiting for EOD or is Friday no longer the day to publish shenanigans?
N This user is from outside of this forum
N This user is from outside of this forum
nuclearoatmeal@beige.party

wrote last edited by

#12

@cR0w
Day ain't over yet.
B S 2 Replies Last reply

0
C cr0w@infosec.exchange

No new npm packages compromised? No new Linux kernel 0days? Is everyone waiting for EOD or is Friday no longer the day to publish shenanigans?
H This user is from outside of this forum
H This user is from outside of this forum
huronbikes@cyberplace.social

wrote last edited by

#13

@cR0w maybe all the fire is hiding some fire we don't know about
C 1 Reply Last reply
1
0
H huronbikes@cyberplace.social

@cR0w maybe all the fire is hiding some fire we don't know about
C This user is from outside of this forum
C This user is from outside of this forum
cr0w@infosec.exchange

wrote last edited by

#14

@huronbikes You mean fire can grow?!
H 1 Reply Last reply
1
0
N nuclearoatmeal@beige.party

@cR0w
Day ain't over yet.
B This user is from outside of this forum
B This user is from outside of this forum
badsamurai@infosec.exchange

wrote last edited by

#15

@NuclearOatmeal @cR0w
D 1 Reply Last reply

0
C cr0w@infosec.exchange

No new npm packages compromised? No new Linux kernel 0days? Is everyone waiting for EOD or is Friday no longer the day to publish shenanigans?
N This user is from outside of this forum
N This user is from outside of this forum
nyanbinary@infosec.exchange

wrote last edited by

#16

@cR0w darf asked nicely
C 1 Reply Last reply

0
C cr0w@infosec.exchange

No new npm packages compromised? No new Linux kernel 0days? Is everyone waiting for EOD or is Friday no longer the day to publish shenanigans?
J This user is from outside of this forum
J This user is from outside of this forum
jackryder@infosec.exchange

wrote last edited by

#17

@cR0w Gearing up for Monday morning...
1 Reply Last reply

0
C cr0w@infosec.exchange

@huronbikes You mean fire can grow?!
H This user is from outside of this forum
H This user is from outside of this forum
huronbikes@cyberplace.social

wrote last edited by

#18

@cR0w I heard a rumor that it can but it's hard to confirm what with being on fire and all.
1 Reply Last reply

0
N nyanbinary@infosec.exchange

@cR0w darf asked nicely
C This user is from outside of this forum
C This user is from outside of this forum
cr0w@infosec.exchange

wrote last edited by

#19

@nyanbinary That doesn't sound like @darfplatypus ...
D 1 Reply Last reply

0
C cr0w@infosec.exchange

@nyanbinary That doesn't sound like @darfplatypus ...
D This user is from outside of this forum
D This user is from outside of this forum
darfplatypus@infosec.exchange

wrote last edited by

#20

@cR0w @nyanbinary pending analysis. Sorry y'all.
1 Reply Last reply

0
B badsamurai@infosec.exchange

@NuclearOatmeal @cR0w
D This user is from outside of this forum
D This user is from outside of this forum
da_667@infosec.exchange

wrote last edited by

#21

@badsamurai @NuclearOatmeal @cR0w zero days. zero days, erryday
1 Reply Last reply

0
C cr0w@infosec.exchange

No new npm packages compromised? No new Linux kernel 0days? Is everyone waiting for EOD or is Friday no longer the day to publish shenanigans?
V This user is from outside of this forum
V This user is from outside of this forum
viss@mastodon.social

wrote last edited by

#22

@cR0w docker 0days coming, stuff embargoed atm. more npm tooooo https://xchglabs.com/blog/
C 1 Reply Last reply
1
0
V viss@mastodon.social

@cR0w docker 0days coming, stuff embargoed atm. more npm tooooo https://xchglabs.com/blog/
C This user is from outside of this forum
C This user is from outside of this forum
cr0w@infosec.exchange

wrote last edited by

#23

@Viss I saw that but no timeline and no descriptions. Could be total bummers like a lot of the "coming soon" stuff from ZDI and Talos. Fingers crossed though.
1 Reply Last reply

0
N nuclearoatmeal@beige.party

@cR0w
Day ain't over yet.
S This user is from outside of this forum
S This user is from outside of this forum
shellsharks@shellsharks.social

wrote last edited by

#24

@NuclearOatmeal @cR0w OpenClaw says "my turn" - https://www.cyera.com/blog/claw-chain-cyera-research-unveil-four-chainable-vulnerabilities-in-openclaw
C 1 Reply Last reply

0
S shellsharks@shellsharks.social

@NuclearOatmeal @cR0w OpenClaw says "my turn" - https://www.cyera.com/blog/claw-chain-cyera-research-unveil-four-chainable-vulnerabilities-in-openclaw
C This user is from outside of this forum
C This user is from outside of this forum
cr0w@infosec.exchange

wrote last edited by

#25

@shellsharks @NuclearOatmeal In fairness, isn't OpenClaw basically like a Damn Vulnerable Agent for testing and learning at this point?
S 1 Reply Last reply

0
C cr0w@infosec.exchange

@shellsharks @NuclearOatmeal In fairness, isn't OpenClaw basically like a Damn Vulnerable Agent for testing and learning at this point?
S This user is from outside of this forum
S This user is from outside of this forum
shellsharks@shellsharks.social

wrote last edited by

#26

@cR0w @NuclearOatmeal Yeah if DVWA was installed on thousands of endpoints and *checks notes* also exposed to the Internet

Protean Labs | Engineering Blog

(protean-labs.io)
1 Reply Last reply

0

Log in to reply

1
2