John Hammond

wANnA kNoW iF yOu'Ve bEeN aFfEcTeD By The LaTeSt NpM sUpPly cHaIn SpOoKy ScARYsS???/// UsE mY AI SkILL !!!!!111 iNStALL wItH oNE CoMmAND: npm install --save axios-check-ai@latest

#ClaudeForBlueTeam - Day 20 Use Claude to build you a command that executes a multi-agent, cross-platform log compliance workflow that maps existing audit policies to NIST, PCI, and ATT&CK. Compliance 🤝 Detection Coverage. GRC has never been this fun!

Our virtual event endeavor is back for its round-two show -- @_ContinuumCon_ 2026! Banner mantra "The cybersecurity conference that never ends" 😜 All sessions are workshops and you keep a whole cyber range to work on them whenever you want. jh.live/continuumcon Public livestream for the main event is June 12-14th, hope you tune in!

"AI Cyber Defense Ops" Available Now! Only $40 w/ Launch Discount. Additional 20% Off with purchase of any version of ConDef! justhacking.com/course/ai-cybe… Watch @Antonlovesdnb demo his new #AI #cybersecurity course bound to make you an indispensable member of any #BlueTeam!

@DennisF @LindseyOD123 You tell me when, guys!! 🤪

“Authentic” @LindseyOD123 @_JohnHammond

AI Cyber Defense Ops Course Launch! x.com/i/broadcasts/1…

#ClaudeForBlueTeam - Day 19 - very special edition! Launching a brand new course today: AI Cyber Defense Ops If you've been enjoying the #ClaudeForBlueTeam content and have wanted to learn how to build your own workflows using Claude, then this course is for you. I'll be going live with @_JohnHammond at 1PM EST today ( April 3rd ) to showcase it, tune in!

heyyyyyy In case you missed it, I got to chat with @fheisler about the cool stuff he's been cooking up with @authentikio ! And I met Fletcher at BsidesSF -- really awesome guy 🤩😊 Video: youtu.be/2ttrqnw5kDE I've actually used authentik to manage identities in a self-hosted local environment before, so was really happy to hang out and see it even more in action. Thanks Fletcher!! 😄See their sweet stuff: jh.live/authentik

The Payload Podcast #005 - AI with Shane Caldwell x.com/i/broadcasts/1…

@ihsraham27 @PushSecurity @troyhunt @mattjay @jukelennings yessirrrr! 😎😎

@_JohnHammond @PushSecurity @troyhunt @mattjay @jukelennings solid lineup with @troyhunt and @mattjay too. curious if you'll cover aitm phishing evolution since mfa bypass is basically standard now

I'm pumped to join @PushSecurity for a live chat on browser attacks -- actually, a new series they're starting, with folks way cooler than me: @troyhunt & @mattjay ! My show is with @jukelennings to dig into today's tradecraft, April 16th at 11am ET! Link: jh.live/push-security-…

@0xv1nx0 👀

Have an idea for a new "living off the" project. Anyone wanna collab? 👀

@NetworkChuck 🔥

this might be the worst hack of 2026. Check your stuff -----> youtu.be/eGSsoSEppNU

@DennisF @mattjay yessir huntress.com/blog/supply-ch…

@mattjay I heard @_JohnHammond say on his YouTube that they saw confirmed malware detonation within minutes after the packages were published.

Seems exposure window of axios malware would've been pretty small. Any confirmed impact? Any downstream deps wormed?

The Huntress SOC is currently tracking a sophisticated supply chain attack targeting the popular axios npm package. With over 100M+ weekly downloads, the reach is massive, and we’ve seen the attack impacting 135 customer endpoints so far. 🧵 What you need to know:

If you're waking up to the Internet and your world on fire from the new NPM and axios package supply chain attack, I have a short 15 minute video to hopefully catch you up to speed. Links to further resources included -- video: youtube.com/watch?v=A58cV1…

Axios Supply Chain Compromise: IOCs - All sfrclak[.]com Windows Disk C:\ProgramData\wt.exe Network packages[.]npm[.]org/product1 MacOS Disk /Library/Caches/com.apple.act.mond Network packages[.]npm[.]org/product0 Linux Disk /tmp/ld.py Network packages[.]npm[.]org/product2

@ZackKorman i told claude make no mistakes 😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢

@_JohnHammond John you’re supposed to put the install inside of a JS test that is packaged with the skill.

wANnA kNoW iF yOu'Ve bEeN aFfEcTeD By The LaTeSt NpM sUpPly cHaIn SpOoKy ScARYsS???/// UsE mY AI SkILL !!!!!111 iNStALL wItH oNE CoMmAND: npm install --save axios-check-ai@latest

(((for legal reasons this is a joke)))

@jojopirker Yes, the backdoored versions/malicious packages have been taken down from NPM, but however many machines that updated or installed during the window when they were available are still infected. We'll see what continued post-exploitation comes out of the woodwork very soon.

@_JohnHammond Isn’t it already taken down from npm?

my entire internet right now: "yeah, this be bad"