P.E.M.B

If you're waking up to the Internet and your world on fire from the new NPM and axios package supply chain attack, I have a short 15 minute video to hopefully catch you up to speed. Links to further resources included -- video: youtube.com/watch?v=A58cV1…

@_JohnHammond Am I the only one who saw that nx/ai-agents was also compromised?😂😂 I need intell corroboration

Axios Supply Chain Compromise: IOCs - All sfrclak[.]com Windows Disk C:\ProgramData\wt.exe Network packages[.]npm[.]org/product1 MacOS Disk /Library/Caches/com.apple.act.mond Network packages[.]npm[.]org/product0 Linux Disk /tmp/ld.py Network packages[.]npm[.]org/product2

It’s getting ridiculous @nx/ai-agents is included btw

🚨CRITICAL: Active supply chain attack is not affecting axios only. @nx/ai-agents @nx/ai-agents/configure-ai-agents is also affected and pushing the same malicious van script through post install “setup.js”. The Malicius VBscript is being written in “C:\Users\%username%\AppData\Local\Temp\6202033.vbs” which then makes the post request to “hxxp://sfrclak[.]com”. Goodnight Defenders! #axios #nx #ai #critical #supplychain #cyberattack

Every single npm supply chain attack 🤦‍♀️

🚨CRITICAL: Active supply chain attack is not affecting axios only. @nx/ai-agents @nx/ai-agents/configure-ai-agents is also affected and pushing the same malicious van script through post install “setup.js”. The Malicius VBscript is being written in “C:\Users\%username%\AppData\Local\Temp\6202033.vbs” which then makes the post request to “hxxp://sfrclak[.]com”. Goodnight Defenders! #axios #nx #ai #critical #supplychain #cyberattack

On the lastest @pcpcats supply chain, don’t sleep on axios only. @nx/ai-agents was also also compromised @nx/ai-agents/configure-ai-agents #supplychain #compromise #CyberAttack

About 3 days ago I wrote an article on #SLHS’s recent vishing campaign abusing trust in SSO domains and doing brand #impersonation with subdomains. The apex domain (passkeysso[.]com) was being flagged heavily on @virustotal but today it’s cleared out. Who knows how this is updated? #explain My blog post is here: pemblabs.net/Hiding-in-Plai…

@cyb3rops Hard to distinguish whether this is an update or a new compromise. Do you have a timeline?

New Notepad++ compromise IOCs published notepad-plus-plus.org/assets/data/Io…

So we’ve been blaming malware this whole time… turns out it’s just humanware with admin privileges 😂

I’m curious! Did anyone ever got paid for this? If you send AI voice, will they still clone it? #ai #voice #clone

SLH is unto a new vishing campaign and is possible using AI voice cloning. Scattered LAPSUS$ Hunter and the Abuse of Trust in SSO Domains pemblabs.net/Hiding-in-Plai… #SLH #cyber #passkeysso #vishing #smishing

@DallasExpress @grok please explain more

DALLAS H-1B VISA FRAUD BUST: Federal prosecutors charge two men with running a 7-year scheme submitting fake H-1B and green card applications through a local law office. Defendants Abdul Hadi Murshid and Muhammad Salman Nasir face conspiracy, visa fraud, and money laundering counts in massive immigration fraud case. Full Story: dallasexpress.com/metroplex/7-ye…

PT2 - The website redirects to “rdtfyguioyughj[.]pages[.]dev” mimicking official Claude installation page. - Tricks user into running malicious cmd using “mshta”. Similar to campaign seen before by @k3yp0d

PT1-Malvertising Campaign Employing ClaudeFix? A malicious campaign targeting both Mac 🖥️ and Windows users to download and install a fake Claude AI. User: - Google searches “claude cli install” and it’s served with an ad to “hxxps://claude-code-update[.]squarespace[.]com”.

@k3yp0d Found another one rdtfyguioyughj[.]pages[.]dev

1/2 Claude Fix attacks both mac and windows claulastver.squarespace[.]com -> claude-code.official-version[.]com

@RussianPanda9xx Same boat, lemme us know when you find out. Also I agree with the guy that said you have reached a peak.

Man, I feel so old... I used to have all this passion, staying up all night reversing malware. Now I just watch 90 Day Fiancé straight after 5pm. Is it burnout or laziness?

@IceSolst @itseieio @CyberNews Touché lol

@0xPEMB @itseieio @CyberNews I don’t give enough of a shit

🚨I HAVE LEAKED EVERY SINGLE PASSWORD EVER (4 to 32 chars long)! That is 347 novemdecillion passwords, the largest password leak ever! ALL of your passwords are in here, GUARANTEED! This is a client-side app, so what you search for is all local, never sent anywhere.