Ax Sharma

3.6K posts

@Ax_Sharma

Security Researcher | Tech Journalist | 📰 Bylines + seen on: BBC, BleepingComputer, Channel 5, TechCrunch | ✉️ [email protected]

🇨🇦🇬🇧 Joined April 2016
1.4K Following · 5.3K Followers

Ax Sharma @Ax_Sharma
5 supply chain attacks in 72 hours. GitHub's own internal repos (~3,800). Microsoft's official Azure-associated package. And attackers... already stealing your Claude and Cursor config files via this attack vector.

Ax Sharma retweeted
SafeDep @safedepio
🚨 The "Megalodon" Campaign is live...

5,718 malicious commits to 5,561 GitHub repositories in a six-hour window.

Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate:
- CI secrets
- cloud credentials
- SSH keys
- OIDC tokens
- source code secrets

Check your repo / Technical details: safedep.io/megalodon-mass…

Ax Sharma retweeted
Windows Latest @WindowsLatest
After 10 years of running WindowsLatest, I think this is finally the end of an era. Google confirmed that Search is becoming an AI box, which means you'll not be encouraged to click "blue links." Yes, the blue links are still on the page, but they're becoming irrelevant. For a decade, I watched Google rank Reddit threads, forums, spam, and sites that merely linked to my reporting above the original articles I broke. I complained to Googlers repeatedly. I showed them my original work being outranked by spammers copying it. Nobody at Google cared... I never sold products with affiliate links. I've never recommended anything for a commission. I have never run a sponsored post. Being the "nice guy" earned me nothing. Google had already decimated independent publishers long before this announcement. AI Mode is just the funeral.
Quoted post: philip lewis @Phil_Lewis_

Google Search as you know it is over "Instead of returning a simple list of links, Google Search will drop users into AI-powered interactive experiences at times." techcrunch.com/2026/05/19/goo…


Ax Sharma @Ax_Sharma
A trojanized Bitwarden npm version appeared for 90 minutes last month. 9 days later it got a CVE—after the package was already pulled. That's an incident response notification, not what CVEs were originally built for. Agentic AI makes this gap much worse csoonline.com/article/417342…

Ax Sharma retweeted
Microsoft Threat Intelligence
Microsoft is investigating a new, emerging Mini Shai-Hulud npm supply chain attack targeting antv packages. Attackers compromised an antv maintainer account and published malicious versions of multiple widely used packages (for example, antv/g2). As these packages are widely used as dependencies, the compromise propagated into downstream libraries like echarts-for-react, impacting a much broader set of applications and continuous integration (CI) environments.

All compromised packages contain a byte-identical, obfuscated credential-stealing payload delivered via a preinstall hook (Bun). The malware targets high-value secrets including:
- GitHub personal access tokens (PATs) and OpenID Connect (OIDC) tokens
- npm / Amazon Web Service (AWS) credentials and Security Token Service (STS) sessions
- Secure Shell (SSH) keys, kubeconfigs, and .env / .npmrc files
- Software-as-a-service (SaaS) tokens (Slack, Stripe, Vault)

Exfiltration occurs over HTTPS with Transport Layer Security (TLS) validation disabled. The payload also abuses stolen OIDC tokens to forge Supply-chain Levels for Software Artifacts (SLSA) provenance and propagate malicious releases, exhibiting worm-like behavior across repositories.

Malicious files distributed through npm packages are detected by Microsoft Defender as Trojan:AIGen/NPMStealer, "Suspicious Node.js process behavior", or "Credential access attempt", preventing credential theft and malicious post-install execution.

Mitigation:
- Audit dependencies for affected antv and related packages; pin or downgrade to known-good versions (pre-2025-05-18).
- Revoke and rotate exposed credentials (GitHub, npm, cloud tokens, SSH keys).
- Validate integrity of CI pipelines and recent build artifacts.
- Network IOC: Stolen credentials are exfiltrated over HTTPS to t.m-kosche[.]com:443. Block at egress and review network logs for outbound connections.

Ax Sharma retweeted
Zack Korman @ZackKorman
Cloudflare is right about this. You're not going to be able to patch fast enough, but you can build your systems so that the vast majority of vulnerabilities don't matter. If you've not done that, you're going to have a bad time.

Ax Sharma @Ax_Sharma
Francisco Rosales (@0xmagic0) of @Manifold_ai_sec found and reported the vulnerability. Fixed in v3.6.0. The filtering logic already existed. It just wasn't being called in both places. Update now.

Ax Sharma @Ax_Sharma
The tool names are in the README. Set to read-only mode. 'kubectl_delete' is not on the list. But if you call it anyway, the pod is gone...

Ax Sharma @Ax_Sharma
The read-only mode in mcp-server-kubernetes (20,000+ weekly npm downloads) ...doesn't actually restrict anything. Neither do the other two access control modes. CVE-2026-46519, CVSS 8.8 🧵

Ax Sharma retweeted
Hackmanac @H4ckmanac
🚨 Cyber Alert ‼️ WormGPT

A threat actor known as Sythe claimed to have leaked the database of WormGPT, a cybercrime-focused AI platform, exposing data linked to more than 19,000 users. The leaked data allegedly includes email addresses, user IDs, and subscription and billing metadata.

Sector: ICT
Threat class: Cybercrime
Observed: Feb 10, 2026
Status: Pending verification

—
About this post: Hackmanac provides early warning and cyber situational awareness through its social channels. This alert is based on publicly available information that our analysts retrieved from clear and dark web sources. No confidential or proprietary data was downloaded, copied, or redistributed, and sensitive details were redacted from the attached screenshot(s). For more details about this incident, our ESIX impact score, and additional context, visit HackRisk.io.

Ax Sharma retweeted
tuckner @tuckner
lmao for real?

Ax Sharma @Ax_Sharma
Responsible disclosure is built on an assumption that "doing the right thing" = timely action & fair treatment, if not a bounty award. Lately, that assumption is collapsing. For CISOs, this is gradually evolving into a risk management nightmare. csoonline.com/article/412476…

Ax Sharma @Ax_Sharma
A NationStates game player found a critical vulnerability and then crossed a line... He copied production data and app code to his personal system. bleepingcomputer.com/news/security/… Finding a flaw is enough. Demonstrate it safely, report it responsibly and stop there.

Ax Sharma @Ax_Sharma
Such data can expose who runs what, at what scale, and when contracts renew. This serves as prime intel for competitors/customer poaching but also for threat actors aiming to launch targeted phishing, BEC and extortion attacks. bleepingcomputer.com/news/security/…

Ax Sharma @Ax_Sharma
BREAKING: Threat actors are seeking data on ~1,800 MSPs after a Pax8 spreadsheet with customer and Microsoft licensing info was accidentally emailed to ~40 partners yesterday.