CharmingMichi

Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments. The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran. To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.

A Sabesp conseguiu explodir 35 imóveis ao atingir uma rede de gás durante obra. Um morto ao menos. A destruição foi no bairro do Jaguaré, na zona oeste de São Paulo. Mais um da série “privatiza que melhora”.

On this day in 2000, the ILOVEYOU (aka Love Letter) worm began to spread to PCs around the world via email. It would eventually infect millions of computers and cost approximately $5.5 to $8.7 billion in damages.

Lançaram uma bíblia do Homelander e a reação do Soldier foi essa. Ele ta assistindo a série a reagindo com a gente KKKKKKKKKKKKKKKKKKK 🎥 The Boys (Episódio 5x05)

This is from an IBM presentation In 1979