@cR0w It’s old news and not going away. Nobody is treating npm as what it has always been: the biggest malware repo since GitHub.
https://go.halcyon.ai/rs/401-WCH-435/images/Halcyon%20Cloudzy%20C2P%20Report.pdf?version=0
J
j0hnnyxm4s@infosec.exchange
@j0hnnyxm4s@infosec.exchange
Posts
-
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/ -
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/@cR0w yeah man that supply chain is a bitch. Npm update stole a PAT and went to town. Luckily it only matters if you’re dumb enough to store keys in your repo. Tried to be as descriptive as possible.
-
If you had one nail left in this coffin, there it goesIf you had one nail left in this coffin, there it goes
-
Market is up?Market is up? Invest in T-shirts.
Market is down? Invest in T-shirts.  -
I got 2nd in the @OzCon CTF today, after not having done one in 10 years.I got 2nd in the @OzCon CTF today, after not having done one in 10 years.
1st & 3rd place were software devs running 6 & 1 agents.
It’s not a testament to my ability, it’s a testament to the reality of leveraging GenAI for tasks humans have traditionally been bad at.
-
I got 2nd in the @OzCon CTF today, after not having done one in 10 years.I got 2nd in the @OzCon CTF today, after not having done one in 10 years.
1st & 3rd place were software devs running 6 & 1 agents.
It’s not a testament to my ability, it’s a testament to the reality of leveraging GenAI for tasks humans have traditionally been bad at.
-
Do you guys think bro is doing OK in 2026Do you guys think bro is doing OK in 2026