Since i'm still on the hellsite, here is my thread on the NPM dependency issues: x.com/AndrewMohawk... But TL;DR there is so much FUD This would only impact you if -FRESH install between 9am-11.30am ET -OR Package-lock.json created in that time -Vuln packages in direct or transient dependencies

Feels so good to interact with the infosec community as a whole, I cant imagine why we have bad reputation as not being welcoming!

expel.com/blog/poisons... pretty interesting using cross device sign in ( www.passkeycentral.org/design-guide... ) to bypass fido2 hurdle, effectively turning the hardware token into QR code and asking the user to scan it

I made a submission!

My firstborn is trans 🏳️‍⚧️ nonbinary ⚧️ and a tattoo artist that now lives in California. They’re in Seattle for their brother’s graduation this week and brought their gear to give me a tattoo. There is a my other two tattoos are decorative but there is a meaningful story behind what I had them do. 1/

here's a framebuffer graphics demo (this has no practical purpose and I can't prove I'm not just like, playing a youtube video or something)

Finally one of the models is useful to me. I give you my stance on WebAuthN. cc @Yubico (Everyone at orgs I work at has a 5C + 5C NFC for phone and your org should as well)

Whats the worst that could happen?

Its finders keepers for one of these f-18s right?

@kurtopsahl.bsky.social just said "The journey to stronger opsec begins with reducing the number of steps" and I fucking love it.

She thinks the Library of Congress is like a local public library because it's got "Library" in the name and I can't emphasize enough that our country is being run by the stupidest people alive on the planet today.

You wont know when I am absolutely destroying my docker swarm, but there will be signs.

I got Manus access and errr.. its struggling with a docker project, but the filenames are hilarious! Manus.. its just like us!

The life of crime is calling me!

Another day, another 9.x critical vuln that bypasses authentication/authorization flow :( thehackernews.com/2025/03/crit... But dont worry it's just the kubes ingress-nginx and not the nginx ingress controller often used for kubes. Stay safe out there 🙃

Meme stolen from @yaelwrites.com

In 25 years of covering national security, I’ve never seen a story like this: Senior Trump officials discussed planning for the U.S. attack on Yemen in a Signal group--and inadvertently added the editor-in-chief of The Atlantic. www.theatlantic.com/politics/arc...

Found a cool animatronic eye 3D print and spent the weekend making it follow me around

I really hate that this is the release details we get for a *9.1 critical vuln* in a common js stack: www.cve.org/CVERecord?id... I will be blocking all requests with the header `x-middleware-subrequest` rather than risk deploying a > 5pm release for something without any real details.

Tornado cash is back. home.treasury.gov/news/press-r...

Vibe coding my own rust ui for the rayhunter ( github.com/EFForg/rayhu... )

A short story in 4:

Twitter is down! Maybe DOGE finally did something people agree with

Looking at some of the other recent DPRK attacks I noticed docker being used with `--privileged` flag. I also know that on mac there is a current issue with docker ( github.com/docker/for-m... ) and the workaround is to move things to /Library/PrivilegedHelperTools/.

Whats the best way for me to post things to both bluesky and the dark site whose name we do not mention?

I put up a few words about the recent Bybit hack, I got so annoyed with companies shilling solutions or punching down. As a security community we should be and expect better. privy.io/blog/bybit-l...

Reminder that bybit is not the first nor likely the last attack we will see using this method-similar to previous attacks: DMM ($308m, May 2024) WazirX ($230m, July 2024) Radiant ($55m, Oct 2024) medium.com/@RadiantCapi... www.fbi.gov/news/press-r... www.liminalcustody.com/blog/update-...

WYOMING: “Thank you, Madam chairman.” “I prefer ‘Mister’ chairman.” “Well you all voted preferred pronouns cannot be compelled speech.”

9gb? what exactly is going on with @burpsuite.bsky.social these days! I just restarted it and im browsing a local next js app!

Rest in peace:

I dont often have to help someone secure outlook, mostly deal with Google workspace, but I found this guide really well done. Props to Australian Signals Directorate for actionable security. Gold security star. www.cyber.gov.au/sites/defaul...

www.cell.com/device/fullt... Okay I really want one.

gist.github.com/hackermondev... Fun writeup on figuring out cloudflare traffic!

I wonder how much of this is Luigi related?

This is simply a super useful free tool, if you are using github and not running this you are making life more difficult for yourself

I will kill for these 3!

why'd they name this app bluesky when Elders Scroll was right there

for anybody wondering what the flag will look like if we added greenland as a state

Being sentient is so weird. You run an electrical charge through some meat and suddenly anxiety exists.

Nvidia really letting rip at CES2025! Damn, I want all their things

Here. The elevators, the number order? 1,3,2,5,4 of course.

A simple way to let go of the past and redirect your negative energy is to add more cheese to your pasta

You'll feel much better once you've given up hope.

Feature request for venmo: give us a random emoji option so service workers don't have to do this (or heck, pay people so they don't rely on tips!)

The simpler times en.wikipedia.org/wiki/MOPy_fish

This is some totally fun research by @d4d89704243.bsky.social on manipulating cookies and how (once again) HTTP is implemented so vastly different across clients! Would love to see what the js servers do since they seem to be everywhere now

If you need to know more about me.