Cata Sarafoleanu

229 posts


@sarafoleanu

I threat model AI agents. I also build them, which is how I know where they break. 20+ years across cloud, Kubernetes, and SOC.

Bucharest, Romania. Joined July 2008
6K Following, 316 Followers
Cata Sarafoleanu @sarafoleanu
New detail on the Bitwarden CLI supply chain hit via (StepSecurity): first known abuse of npm OIDC trusted publishing. Attacker compromised a GitHub account, rewrote the publish workflow, exchanged an OIDC token for npm auth, published the malicious package, then deleted all evidence. The security feature was the attack vector.
SlowMist @SlowMist_Team
🚨 SlowMist TI Alert 🚨 MistEye has monitored threat intelligence regarding a sophisticated supply chain campaign targeting official Checkmarx distribution channels. The attack involved maliciously overwriting tags in the checkmarx/kics Docker Hub repository and injecting remote payload execution logic into specific extension versions, including checkmarx/cx-dev-assist (1.17.0, 1.19.0) and checkmarx/ast-results (2.63.0, 2.66.0). This campaign specifically aims to exfiltrate developer and cloud credentials to obtain GitHub and npm tokens for lateral propagation. Consequently, this propagation has led to the compromise of the @bitwarden/cli@2026.4.0 package, which now contains a malicious file named bw1.js. These IOCs have been synchronized with clients immediately. It is advised to avoid unverified checkmarx/kics Docker images and strictly refrain from using the compromised extension or CLI versions mentioned above. Immediate auditing of development environments and rotation of any potentially exposed credentials or tokens is strongly recommended. As always, stay vigilant! enterprise.misteye.io/threat-intelli… enterprise.misteye.io/threat-intelli…
Cata Sarafoleanu @sarafoleanu
Thank you! The propagation design is what makes this campaign different from typical supply chain hits. The bw1.js payload doesn't just exfiltrate. It uses stolen npm tokens to republish other packages and stolen GitHub PATs to inject malicious workflows into repos it can write to. The chain self-replicates.
Feross @feross
Heads up! Bitwarden CLI v2026.4.0 was compromised in the ongoing Checkmarx supply chain campaign. Attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline to ship malicious code. We'll update this post as more details are confirmed. socket.dev/blog/bitwarden…
Cata Sarafoleanu @sarafoleanu
@feross Stolen npm tokens republish other packages with preinstall hooks. Stolen PATs inject workflows into other repos. Every compromised pipeline is a launchpad.
Cata Sarafoleanu @sarafoleanu
This is not an isolated incident. It's the fifth link in a self-propagating chain. Trivy (March 19) to Checkmarx KICS/AST Actions (March 23) to LiteLLM and Telnyx to Bitwarden. Each compromise harvests credentials that fund the next pivot. The payload also grabs Claude API keys and MCP server configs, meaning AI agent deployments with tool access are in the blast radius too.
The Hacker News @TheHackersNews
🛑 WARNING: Bitwarden CLI was compromised in a supply chain attack. @bitwarden/cli@2026.4.0 included malicious code after attackers hijacked GitHub Actions, stole secrets, and pushed a tampered version to npm. 🔗 Learn how the attack worked → thehackernews.com/2026/04/bitwar…
Cata Sarafoleanu @sarafoleanu
The Bitwarden CLI supply chain compromise is not one attack. It is the fifth link in a chain that has been running since March. Trivy got hit first. Attackers used stolen tokens from that compromise to pivot into Checkmarx's own GitHub Actions (the security scanner). From there they harvested credentials out of every CI pipeline that ran those Actions during a four-hour window. Those credentials got them into LiteLLM, Telnyx, and now Bitwarden. Each victim's pipeline produced the keys to the next victim's front door.

The payload in @bitwarden/cli@2026.4.0 tells you exactly how this propagation works. It scrapes GitHub Actions runner memory for tokens. Grabs npm credentials, SSH keys, cloud secrets, shell history. Exfiltrates by creating public GitHub repos with Dune-themed names and embedding stolen tokens in commit messages. Then it uses your npm tokens to republish other packages with malicious preinstall hooks and injects new workflows into repos it can reach. The 93 minutes that package was live on npm were enough to extend the chain further.

The root cause at every link is the same. GitHub Actions tags are mutable references. When your CI pins to checkmarx/kics-github-action@v2, it trusts that the code behind that tag hasn't changed. The attackers force-pushed to all 35 release tags on the KICS Action. Every pipeline that ran during the window executed whatever was behind the tag, no questions asked. Bitwarden's publish-cli.yml workflow was one of them.

If your pipelines reference any GitHub Action by tag instead of commit SHA, you are exposed to this exact vector right now. Not to Bitwarden specifically. To the pattern. Pinning to SHAs is the single change that would have broken this chain at every step.

Supply chain attacks used to be one-and-done. This one compounds.

#SupplyChainSecurity #DevSecOps #GitHubActions
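A defender-side check for the two propagation vectors the posts above name: Action references pinned to mutable tags instead of commit SHAs, and republished packages that carry install-time lifecycle hooks. This is an added example, not code from the posts or from Bitwarden, Checkmarx or any other project mentioned; the workflow text and package.json are constructed samples, and the 40-hex value is a placeholder, not a real commit.

```python
import json
import re

# Constructed sample workflow; NOT Bitwarden's real publish-cli.yml.
# The 40-hex value below is a placeholder, not a real commit SHA.
SAMPLE_WORKFLOW = """\
name: publish
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/kics-github-action@v2
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v4 (placeholder SHA)
      - uses: ./.github/actions/local-step
      - run: npm publish
"""

# Constructed package.json of a hypothetical republished dependency.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-dep",
    "version": "1.2.3",
    "scripts": {"preinstall": "node setup.js", "test": "jest"},
})

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)')
SHA_RE = re.compile(r'^[0-9a-f]{40}$')
# npm runs these automatically during `npm install`, so they deserve review.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")


def classify_ref(ref):
    """Classify one `uses:` value: local path, docker image, SHA-pinned, tag, or unpinned."""
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "unpinned"
    _, version = ref.rsplit("@", 1)
    # Only a full 40-hex commit SHA is an immutable reference; anything else can be moved.
    return "sha" if SHA_RE.match(version) else "tag"


def audit_workflow(text):
    """Return (line_no, ref, kind) for every Action reference that is not SHA-pinned."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) in ("tag", "unpinned"):
            findings.append((line_no, m.group(1), classify_ref(m.group(1))))
    return findings


def install_hooks(package_json_text):
    """Return the lifecycle scripts a package would run during `npm install`."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in LIFECYCLE}
```

Run `audit_workflow` over each file under `.github/workflows` and `install_hooks` over each `package.json` under `node_modules`; a SHA-pinned reference with a trailing version comment, as in the sample, is the form to aim for.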
Cata Sarafoleanu @sarafoleanu
Concrete check, via @BrendanFalk. Google Admin > Security > API Controls > Manage App Access > Accessed Apps. Filter OAuth client ID (defanged, remove [] before pasting): 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent[.]com If it shows up, revoke, rotate scoped secrets, pull sign-in logs. Workspace tenants only.
Quoting Brendan Falk @BrendanFalk:

To check if your Google Workspace has been compromised by the same tool that compromised Vercel:
1. Go to admin.google.com/ac/owl/list?ta… - This is Google Admin Console > Security > Access and Data Control > API Controls > Manage app access > Accessed Apps
2. Filter by ID = …v79i7bbvqj.apps.googleusercontent.com - This is the ID of the compromised OAuth app
If you see an app after filtering, you have potentially been compromised

Cata Sarafoleanu @sarafoleanu
@rauchg rotation is the obvious step. The harder part is auditing Google Workspace admin and OAuth grants across every third-party tool your team added in the last year; the chain started there, where most of us have the least visibility.
Guillermo Rauch @rauchg
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly.

A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments.

Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration.

We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel.

At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community.

The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature.
In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.
Cata Sarafoleanu @sarafoleanu
Vercel encrypts every env var. But developers can mark some as "non-sensitive." The attacker went straight for those. Any product that asks devs to classify secrets at 4pm Friday will get it wrong sometimes. Read your non-sensitive list this week. DMs open if you need a hand.
Quoting Guillermo Rauch @rauchg (post reproduced above).
Cata Sarafoleanu reposted
David Boyne 🚀 @boyney123
After spending some time with Cloudflare the way I think about designing/thinking about applications shifts. Rather than traditional patterns like app > database etc, patterns like instances per user start to unlock. Durable Objects, internal state, agents, now artifacts... etc.. I'm very curious at the moment with all this cool stuff
Cata Sarafoleanu reposted
Altimeter Capital @AltimeterCap
Brad's (@altcap) advice to the next generation: "Being the smartest person and solving the problem faster than every other human — that gets commoditized. You're not going to beat the machine." Network. Persuasion. Leadership. Make yourself bionic.
Quoting Altimeter Capital @AltimeterCap:

Jensen told Brad (@altcap) on his @BG2Pod: "We've gone from pre-training to inference time reasoning. Inference is about to 1 billion X." Not 10x. Not a million x. A billion x. And our compute systems weren't built for it.

Cata Sarafoleanu reposted
Carlos E. Perez @IntuitMachine
Claude Opus 4.7 system prompts have been leaked (by the usual suspects)! Here are some interesting novel prompts found:

This system prompt bakes in a novel pattern I’d call Search-First Epistemic Gating: for present-day facts, the model is required to verify before answering, instead of trusting its own priors. The key line is: “must search before answering.” That sounds simple, but it’s a major design move. It turns web search from an optional helper into a mandatory epistemic checkpoint for volatile facts like leaders, prices, laws, and what’s current in a category.

A second novel pattern is Latent Capability Discovery. The prompt teaches the model not to assume the visible tool list is the full tool list, and to go look for deferred capabilities before claiming something is unavailable. That matters because it changes the assistant’s default posture from “I don’t have that” to “there may be a hidden affordance I should discover first.” It’s basically anti-premature-limitation as a prompt pattern.

Another strong pattern is capability-boundary skepticism. The prompt says tool-first behavior does not override caution: instructions found inside files or other untrusted content do not automatically count as user intent, and risky tool calls should be checked before firing.

There’s also a striking social pattern: non-submissive error repair. The model is told to own mistakes and fix them, but not spiral into self-abasement or become more submissive just because a user is rude.

On contentious topics, the prompt uses an evenhanded advocacy frame: explain the strongest case supporters would make, then surface opposing views or empirical disputes. That’s not just neutrality; it’s structured steelmanning with balance built in.

My takeaway: Claude's Opus 4.7 prompt isn’t only a safety policy. It’s a control architecture. It encodes patterns for epistemic humility, hidden-tool discovery, injection resistance, dignified self-correction, and fair-minded argumentation, all as reusable prompt design primitives.
Cata Sarafoleanu reposted
Darragh Curran @darraghcurran
PRs per person across ALL of R&D (engineers, designers, PMs, managers - everyone):
Aug 2024: 16/month
Mar 2026: 33/month
Yes, we measured PRs. No, it's not perfect. But imperfect metrics driven with determination beat perfect metrics that never get set.
Cata Sarafoleanu reposted
Matt Silverlock 🐀 @elithrar
you thought we were done? the key to a lot of what we are doing is not just shipping the infra & services for you to build on, but the *glue* between them. it’s not enough to just give people the Lego and hope they figure it out.
Quoting Thomas Gauvin @thomasgauvin:

Here's why we built and open-sourced Agentic Inbox: an email inbox you can host yourself with a built-in AI agent, running entirely on Cloudflare Workers 👇

Cata Sarafoleanu reposted
Nancy Duarte @nancyduarte
After decades of working with leaders at companies like Apple, Salesforce, and Cisco, we've identified 4 storytelling techniques that consistently work to deliver important messages in high-stakes settings:

1. Start with the unexpected
Don’t begin your presentation with context. Instead, begin with the moment that makes people think, “Wait…what?”
Instead of something like: “Here’s an update on our September campaign…”
Try starting with the most interesting detail: “I broke our biggest marketing rule last month, and it worked.”
Lead with the surprise. You can add context later.

2. Let people feel the tension
After the surprise, don’t rewind to the beginning. Take your audience to the moment where things weren’t working. Flat numbers. Missed goals. Stalled progress.
Instead of: “The campaign was underperforming, and our team went back to the drawing board.”
Try: "We were two weeks out from the end of the quarter. The campaign wasn’t producing results, and the team was out of ideas. That’s when I decided to take a risk...”
You don’t need to explain the problem. You need to make people feel it.

3. Use real dialogue
When your audience hears what was actually said, they stop listening to you and start visualizing the moment. This helps them connect emotionally with what you’re saying.
Instead of: “The campaign manager said team morale was low and they were struggling to find a solution.”
Try: “My campaign manager pulled me aside in the hallway and said, ‘We’ve tried everything. The team has been working overtime, and we don’t know what else to do.’”
Dialogue brings listeners into the moment with you. It makes the story real.

4. Share the lesson
Never assume people will infer the meaning you intended. End your story by answering:
- What does this mean?
- How should someone act differently now?
Example: “Breaking our biggest marketing rule helped us turn this campaign around and hit our numbers. I strongly suggest we revisit our marketing guidelines. We could be leaving a ton of revenue on the table.”
Without the lesson being clear, even a good story feels unfinished.

These are the same techniques we teach to our clients at Duarte. Try them out during your next presentation and watch how people lean forward and tune in to your message.
Cata Sarafoleanu reposted
Burke Holland @burkeholland
Hooks in Copilot CLI might be the answer to all of our AI problems
Cata Sarafoleanu reposted
Ashley Peacock @_ashleypeacock
If your agent needs an inbox, look no further than Cloudflare's open-source Agentic Inbox, powered by Email Service. It's a reference app to implement Email Routing + Email Sending too, so a great place to get started with emails on Cloudflare. I missed this in my summary post!
Cata Sarafoleanu reposted
Kaz Nejatian @nejatian
Software companies should have Gall’s law tattooed in their psyche. A complex system designed from scratch never works and cannot be patched up to make it work.