Raphael Silva
38 posts

Raphael Silva
@0x_rcss
Security Researcher @ Aikido Security
Joined March 2014
138 Following 214 Followers

It seems like this guy found something that could destroy the internet 🤯
hackerone.com/rcss?type=user


@kubolos231 @Magn4_ @goldenape36 It is! Just submitted a talk to DEF CON a few days ago about this issue 😄🤞

@Magn4_ @goldenape36 "Just a security researcher who likes web and supply-chain stuff :)" -> Supply chain seems like valid scenario here

@Magn4_ Just submitted a talk to DEF CON a few days ago about this finding, guess we'll have to wait and see 😉
Raphael Silva reposted

A new npm supply-chain compromise is targeting SAP developer workflows.
Mini Shai-Hulud follows a familiar pattern, but with a smaller package set and a serious secret-stealing payload built to hit developer machines and CI/CD environments.
Affected packages we’re tracking:
- cap-js/sqlite v2.2.2
- cap-js/postgres v2.2.2
- cap-js/db-service v2.10.1
- mbt v1.2.48
If any of these touched your environment, rotate secrets and review GitHub, npm, cloud, and CI activity.
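The post above lists package versions to look for but not how to look. The script below is an added example (mine, not Aikido's or the post author's) that scans an npm `package-lock.json` for exactly those versions, handling both the v1 nested `dependencies` tree and the v2/v3 `packages` map, including copies nested under other packages' `node_modules`. It assumes the cap-js packages appear in lockfiles under the scoped names `@cap-js/...` (the post omits the `@`), so both spellings are matched; the sample lockfiles are constructed for the example.

```javascript
// Added example: scan an npm lockfile for the package versions named in the
// Mini Shai-Hulud post. Not code from the original post or from Aikido.

// Affected versions as listed in the post. The scoped "@cap-js/..." form is an
// assumption about how the names appear in a lockfile; comparison strips the
// "@" so the post's unscoped spelling matches as well.
const AFFECTED = {
  '@cap-js/sqlite': ['2.2.2'],
  '@cap-js/postgres': ['2.2.2'],
  '@cap-js/db-service': ['2.10.1'],
  'mbt': ['1.2.48'],
};

// Normalise a name so "cap-js/sqlite" and "@cap-js/sqlite" compare equal.
function normalizeName(name) {
  return name.replace(/^@/, '');
}

const AFFECTED_BY_NORMALIZED = new Map(
  Object.entries(AFFECTED).map(([n, v]) => [normalizeName(n), v])
);

// lockfileVersion 1: nested "dependencies" objects, one level per node_modules.
function* walkV1(deps, prefix) {
  for (const [name, entry] of Object.entries(deps)) {
    if (!entry || !entry.version) continue;
    const path = `${prefix}/${name}`;
    yield { name, version: entry.version, path };
    if (entry.dependencies) yield* walkV1(entry.dependencies, `${path}/node_modules`);
  }
}

// Yield {name, version, path} for every installed package in a parsed lockfile.
// v2 lockfiles carry both "packages" and a legacy "dependencies" tree, so only
// one of the two is walked to avoid reporting the same install twice.
function* installedPackages(lock) {
  if (lock.packages && typeof lock.packages === 'object') {
    // lockfileVersion 2/3: keys are node_modules paths, "" is the root project
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '' || !entry || !entry.version) continue;
      const idx = path.lastIndexOf('node_modules/');
      const name = idx >= 0 ? path.slice(idx + 'node_modules/'.length) : path;
      yield { name, version: entry.version, path };
    }
  } else if (lock.dependencies && typeof lock.dependencies === 'object') {
    yield* walkV1(lock.dependencies, 'node_modules');
  }
}

// Return every installed package whose name and exact version are on the list.
function findAffected(lock) {
  const hits = [];
  for (const pkg of installedPackages(lock)) {
    const bad = AFFECTED_BY_NORMALIZED.get(normalizeName(pkg.name));
    if (bad && bad.includes(pkg.version)) hits.push(pkg);
  }
  return hits;
}

// Constructed sample lockfiles (not real project data) for demonstration.
const SAMPLE_LOCK_V3 = {
  name: 'sample-app', lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/@cap-js/sqlite': { version: '2.2.2' },       // affected
    'node_modules/@cap-js/db-service': { version: '2.9.0' },   // unaffected version
    'node_modules/mbt': { version: '1.2.47' },                 // unaffected version
    'node_modules/some-tool/node_modules/mbt': { version: '1.2.48' }, // nested, affected
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    '@cap-js/postgres': { version: '2.2.2', dependencies: { mbt: { version: '1.2.48' } } },
    express: { version: '4.18.2' },
  },
};

// Usage: node scan-lock.js path/to/package-lock.json  (exit code 1 on any hit)
if (typeof require !== 'undefined' && require.main === module && process.argv[2]) {
  const fs = require('fs');
  const lock = JSON.parse(fs.readFileSync(process.argv[2], 'utf8'));
  const hits = findAffected(lock);
  for (const h of hits) console.log(`AFFECTED ${h.name}@${h.version} at ${h.path}`);
  process.exitCode = hits.length ? 1 : 0;
}
```

A match in a lockfile only shows the version was resolved for that project; run the same check against `node_modules` on build agents and developer machines, since a CI job that installed one of these versions is exactly the environment the post says to rotate secrets for.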

Raphael Silva reposted

imagine getting hacked by a RAT just to use ChatGPT

Aikido Security@AikidoSecurity
Malicious npm and PyPI packages are turning servers into LLM proxy nodes. Packages like `kube-health-tools` (npm) and `kube-node-health` (PyPI) install a hidden proxy that routes AI traffic through the compromised machine, along with SSH tunnels and full remote access. Within seconds of install, they wipe evidence by deleting the package and files from disk.
Raphael Silva reposted

We are actively seeing TeamPCP modify the CanisterWorm payload, seemingly debugging in production. Classic tactic. But it doesn't change the fact that this is a very bad situation, given all the data the threat actor likely stole through the Trivy breach.
aikido.dev/blog/teampcp-d…
Raphael Silva reposted

There appears to be a new worm on NPM that has active community spread.
All packages by `@EmilGroup` on NPM were replaced with this self-spreading payload:
npmjs.com/package/@emilgroup/customer-sdk?activeTab=code

Raphael Silva reposted

New research by @0x_rcss on the compromise of a popular OpenVSX extension by BlokTrooper:
aikido.dev/blog/fast-draf…

@BrighterCommand Hi! I'm a security researcher, do you know where/how is the best way to report a security issue to the project? Thanks!
Raphael Silva reposted

Yes, we've heard a little noise about the semi-popular #ChatMoss #VSCode extension that appears to be malicious. We reported it on 31 Oct 2025, in fact, shortly after we began our ongoing campaign to monitor the VSCode and OpenVSX marketplaces. The extension ID is WhenSunset[.]chatgpt-china; for whatever reason, in this case the marketplace folks decided to take no action.
It's not new, it's not news, but it is a good reminder to be cautious; marketplace maintainers can be reluctant to remove things without "smoking gun" evidence of malice.
#WhenSunset #VSCodeExtension #Malware #SupplyChainSecurity #OpenSourceSecurity

Raphael Silva reposted

🗣️ SPEAKER Announcement
#BlackAlps25 is glad to offer you a talk by Raphael Silva @0x_rcss, Security Researcher at @Checkmarx specializing in security research, SAST methodologies, and Supply Chain Security.
📅 Friday, November 21st
🕞 11h15-11h45
📗 lnkd.in/ex7X8BQe
