No new npm packages compromised?

rikusilvola@infosec.exchange

@cR0w here you go https://www.openwall.com/lists/oss-security/2026/05/15/2

nuclearoatmeal@beige.party

@cR0w

Day ain't over yet.

huronbikes@cyberplace.social

@cR0w maybe all the fire is hiding some fire we don't know about

cr0w@infosec.exchange

@huronbikes You mean fire can grow?!

badsamurai@infosec.exchange

@NuclearOatmeal @cR0w

nyanbinary@infosec.exchange

@cR0w darf asked nicely

jackryder@infosec.exchange

@cR0w Gearing up for Monday morning...

huronbikes@cyberplace.social

@cR0w I heard a rumor that it can but it's hard to confirm what with being on fire and all.

cr0w@infosec.exchange

@nyanbinary That doesn't sound like @darfplatypus ...

darfplatypus@infosec.exchange

@cR0w @nyanbinary pending analysis. Sorry y'all.

da_667@infosec.exchange

@badsamurai @NuclearOatmeal @cR0w zero days. zero days, erryday

viss@mastodon.social

@cR0w docker 0days coming, stuff embargoed atm. more npm tooooo https://xchglabs.com/blog/

cr0w@infosec.exchange

@Viss I saw that but no timeline and no descriptions. Could be total bummers like a lot of the "coming soon" stuff from ZDI and Talos. Fingers crossed though.

shellsharks@shellsharks.social

@NuclearOatmeal @cR0w OpenClaw says "my turn" - https://www.cyera.com/blog/claw-chain-cyera-research-unveil-four-chainable-vulnerabilities-in-openclaw

cr0w@infosec.exchange

@shellsharks @NuclearOatmeal In fairness, isn't OpenClaw basically like a Damn Vulnerable Agent for testing and learning at this point?

shellsharks@shellsharks.social

@cR0w @NuclearOatmeal Yeah if DVWA was installed on thousands of endpoints and *checks notes* also exposed to the Internet

Protean Labs | Engineering Blog

(protean-labs.io)