Cyber Cyborg

@KudelskiSec This is really cool. Thanks for sharing it with the community. Does your sit have an rss feed to keep up with the blogs?

When a security tool becomes the threat. Our latest Kudelski Security blog examines the Trivy supply-chain compromise, from CI/CD credential theft to a persistent backdoor, and what it means for supply-chain risk. 👉 kdlski.co/4tguW07

@sami__salman @wiz_io Unless you mean the TA is purposefully cross posting secrets from A to B's repo - as they have both PATs

@sami__salman @wiz_io Wiz can confirm that cross-victim exfiltration is taking place. Exfiltration of one victim's secrets to public repositories owned by a second, unrelated vic How can secrets from victim A, that has a PAT to A show up in B's repo

🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast. Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation. Details: wiz.io/blog/shai-hulu…

@JFrogSecurity Link please

The JFrog security research team has identified what seems to be a new wave of the Shai Hulud supply-chain abuse in the npm ecosystem. Our team is actively monitoring the npm repository to detect more packages as the surge continues. In addition to the 459 publicly identified packages, the JFrog research team identified the following 181 packages that are also compromised: @accordproject/concerto-linter @accordproject/concerto-linter-default-ruleset @accordproject/concerto-metamodel @accordproject/concerto-types @accordproject/template-engine @alaan/s2s-auth @antstackio/eslint-config-antstack @antstackio/express-graphql-proxy @antstackio/graphql-body-parser @antstackio/json-to-graphql @antstackio/shelbysam @clausehq/flows-step-httprequest @clausehq/flows-step-mqtt @clausehq/flows-step-taskscreateurl @commute/market-data-chartjs @dev-blinq/blinqioclient @dev-blinq/cucumber-js @dev-blinq/ui-systems @everreal/react-charts @everreal/validate-esmoduleinterop-imports @faq-component/core @faq-component/react @fishingbooker/react-loader @fishingbooker/react-pagination @fishingbooker/react-raty @hover-design/core @hover-design/react @ifings/metatron3 @lessondesk/electron-group-api-client @lessondesk/material-icons @lessondesk/react-table-context @mparpaillon/page @ntnx/passport-wso2 @ntnx/t @osmanekrem/bmad @pradhumngautam/common-app @pruthvi21/use-debounce @relyt/claude-context-core @relyt/claude-context-mcp @relyt/mcp-server-relytone @seezo/sdr-mcp-server @sme-ui/aoma-vevasound-metadata-lib @suraj_h/medium-common @trpc-rate-limiter/cloudflare @trpc-rate-limiter/hono @varsityvibe/utils @voiceflow/alexa-types @voiceflow/anthropic @voiceflow/api-sdk @voiceflow/backend-utils @voiceflow/base-types @voiceflow/body-parser @voiceflow/chat-types @voiceflow/circleci-config-sdk-orb-import @voiceflow/commitlint-config @voiceflow/common @voiceflow/default-prompt-wrappers @voiceflow/dependency-cruiser-config @voiceflow/dtos-interact @voiceflow/encryption @voiceflow/eslint-config @voiceflow/eslint-plugin @voiceflow/exception @voiceflow/fetch @voiceflow/general-types @voiceflow/git-branch-check @voiceflow/google-dfes-types @voiceflow/google-types @voiceflow/husky-config @voiceflow/logger @voiceflow/metrics @voiceflow/natural-language-commander @voiceflow/nestjs-common @voiceflow/nestjs-mongodb @voiceflow/nestjs-rate-limit @voiceflow/nestjs-redis @voiceflow/nestjs-timeout @voiceflow/npm-package-json-lint-config @voiceflow/openai @voiceflow/pino @voiceflow/pino-pretty @voiceflow/prettier-config @voiceflow/react-chat @voiceflow/runtime @voiceflow/runtime-client-js @voiceflow/sdk-runtime @voiceflow/secrets-provider @voiceflow/semantic-release-config @voiceflow/serverless-plugin-typescript @voiceflow/slate-serializer @voiceflow/stitches-react @voiceflow/storybook-config @voiceflow/stylelint-config @voiceflow/test-common @voiceflow/tsconfig @voiceflow/tsconfig-paths @voiceflow/utils-designer @voiceflow/verror @voiceflow/vite-config @voiceflow/vitest-config @voiceflow/voice-types @voiceflow/voiceflow-types @voiceflow/widget 02-echo ai-crowl-shield arc-cli-fc automation_model benmostyn-frame-print bidirectional-adapter blob-to-base64 colors-regex composite-reducer css-dedoupe dashboard-empty-state dialogflow-es docusaurus-plugin-vanilla-extract dont-go email-deliverability-tester eslint-config-nitpicky expressos fat-fingered firestore-search-engine generator-meteor-stock generator-ng-itobuz gulp-inject-envs hover-design-prototype httpness hyper-fullfacing itobuz-angular-button jsonsurge kwami lang-codes mod10-check-digit n8n-nodes-vercel-ai-sdk n8n-nodes-viral-app next-simple-google-analytics next-styled-nprogress ngx-useful-swiper-prosenjit ngx-wooapi normal-store orchestrix package-tester pdf-annotation pkg-readme prime-one-table prompt-eng prompt-eng-server puny-req ra-auth-firebase react-favic react-hook-form-persist react-linear-loader react-micromodal.js react-native-google-maps-directions react-native-modest-checkbox react-native-modest-storage samesame selenium-session selenium-session-client shelf-jwt-sessions solomon-api-stories solomon-v3-stories solomon-v3-ui-wrapper south-african-id-info stat-fns super-commit svelte-toasty tanstack-shadcn-table tcsp tcsp-test-vd template-lib template-micro-service tiaan typefence upload-to-play-store use-unsaved-changes valid-south-african-id vf-oss-template web-scraper-mcp wellness-expert-ng-gallery zuper-stream For a full list of packages and remediation, see our technical blog post (link in comments)

@TenableSecurity A vulnerability vendor starts ambulance chasing. it's bad, but not a 5 alarm fire - just yet. There are other incidents playing out right now in every org, that need current prioritization. This one is a patch asap response. Let's not get into imaginary response, stay real.

“Make no mistake, the breach at #F5 is a five-alarm fire for national security.” Tenable CSO Bob Huber issues a warning about how pervasive #F5 is in today’s security infrastructure and how organizations can protect themselves. Learn more → spr.ly/6011A0tWT

@cyb3rops Lets also remember this is a very hard time for the IR people working this incident - please limit the criticism unless you work core IR (i.e. a frontline responder, holding the pager in your hand every single day 24 * 7 * 365).

What really bothers me is that neither F5’s statement nor the attestation letters from NCC Group or IOActive mention when the breach actually happened. They only say that F5 “learned” about it in August 2025. That’s not when it started. There must be forensic evidence pointing to the first signs of compromise - timestamps, login traces, file access logs, anything. Was it weeks before they noticed? Months? Maybe even years? They don’t say. Not even approximately. When companies omit that detail, it’s usually one of two things: - They genuinely have no clue when the attackers got in (which would be disastrous), or - They it started long before discovery and don’t want to admit how far back it goes. Either way, that’s the part that stinks the most.

@jandrusk @reprise_99 @jandrusk see here - cisa.gov/resources-tool…

@reprise_99 Thanks, Matt!

As part of the expanded default logging in Microsoft 365, we worked with CISA and other partner agencies to jointly develop the Microsoft Expanded Cloud Log Implementation Playbook to help defenders. It will be available soon, more information here - techcommunity.microsoft.com/t5/public-sect…

@reprise_99 never mind, found it here - cisa.gov/resources-tool…

@reprise_99 @reprise_99 Hello, please help with the link to find the playbook

@cyb3rops Do you know how security teams are funded? and the level of partnership they get from IT teams? If you did - your ask would be directed not to your peers, but the decision makers who control their fate.

I’m not sure people realize what they actually need to do. Once a 0day goes public and at least one threat actor has used it to exploit thousands of devices - and then a list of affected systems leaks - PATCHING IS NOT ENOUGH. If you take security seriously, you must run a compromise assessment to check whether the device and other systems in your network have already been breached. When you find the front gate of your castle wide open and know it’s been that way for weeks, just closing it isn’t enough. You need to check if: - Someone has already walked in - Your secrets have been stolen - A rope ladder is hanging from the walls - Or worse—the king has been assassinated. Treat this like the security incident it is.

I'm not sure people fully grasp the severity of this #Fortigate config dump - Kevin breaks it down in his Mastodon posts : @GossiTheDog/113834848200229959" target="_blank" rel="nofollow noopener">cyberplace.social/@GossiTheDog/1…

@JimSycurity Thank you for sharing. Is there a recording of this please?

Ope, shoulda planned for a 4 hour long webcast... We went for about 2 hours & ran out of time. I'll still release the slides, but will get a Part 2 of the webcast scheduled. And I have at least enough stuff that didn't make it into the slide deck for Part 3.

@TrimarcSecurity @JimSycurity Sorry to have missed the live session, is there a recording please?

We're less than an hour away from @JimSycurity's thrilling foray into #ActiveDirectory Security Descriptors! 🥄 Grab a spoon & dig in: The Gooey Guts of Security Descriptors: Securable Objects, All the Way Down TODAY (Oct 24) @ 11a PT / 2p ET Register at bit.ly/DescriptorInna…

@jandrusk @reprise_99 Is there a update please when this may be released? Microsoft Expanded Cloud Log Implementation Playbook

@reprise_99 Is there a release date please? The CSRB report will ignite the desire for better logging & this playbook can be a handy resource for SOC teams.