CyberGhost
1.5K posts
CyberGhost
@CyberGh0ost007
Software Developer. Building https://t.co/qAxlYtQBIW and https://t.co/Ea74uyh6Ic
Maputp Katılım Ekim 2021
231 Takip Edilen41 Takipçiler
@estrada_joseph @IntCyberDigest It's simple, just refresh all your github tokens and check if you still have any files 60 seconds later!
English
‼️🚨 UPDATE: The TanStack npm attack is now a full campaign.
'Mini' Shai-Hulud has hit:
- OpenSearch
- Mistral AI
- Guardrails AI
-UiPath
- Squawk packages across npm and PyPI
The malware specifically targets AI developer tooling. It hooks into Claude Code (.claude/settings.json) and VS Code (.vscode/tasks.json) to re-execute on every tool event, long after the infected package is gone. npm uninstall does not fix this.
International Cyber Digest@IntCyberDigest
‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.
English
CVE-2026-44578
⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6)
A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler.
By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data.
Affected: Next.js 13.4.13+, 14.x, 15.x <15.5.16, 16.0.0–16.2.4
Mitigation: Upgrade immediately to 15.5.16 or 16.2.5.
Modat Magnify Query:
technology="Next.js"
The platform:
magnify.modat.io
#threatintel #vulnerability #CVE202644578 #Nextjs #SSRF #WebSocket #CloudSecurity #infosec #Critical #ModatMagnify
English
@corePentester @modat_magnify I think I will start using Laravel and livewire.
English
@modat_magnify I need an alternative to next JS but not interressed to plain react JS, some routers & libs.
English
What a hell
Socket@SocketSecurity
🚨 Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822K weekly downloads. Affected versions: node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 Socket’s AI scanner flagged the malware within ~3 minutes of publication. Early analysis shows obfuscated stealer/backdoor behavior, including host fingerprinting, local file enumeration, payload wrapping, and attempted exfiltration.
English
CyberGhost retweetledi
@tonykagoh @Joe__Bassey Bro 😅😅
The shop owners were like: what a hell ?😐
😅😅😅
English
@Joe__Bassey Guy doesn't even understand english, 'this shop must not be closed' how will he reason with a foregin businessman in S.A
English
This is the current situation in South Africa 🇿🇦: since yesterday, some indigenous black South Africans have been demanding that every shop belonging to immigrants close on Friday.
English
@Gabybigs @Joe__Bassey Bro, he's demanding proof of investment in 5 million. It doesn't make any sense. Now don't you wanna know if they are illegal no more? 😅
English
@Joe__Bassey Is our country and yes they must go to their countries. We are sick and tired of them mxm.
English
@margielaaaman1 @SulikaJr Mas isso não faz sentido 😅😅😅. O jogo já tem um "VAR" 🤷🏾♂️
Português
Queria perceber qual a lógica de ter VAR, num jogo de vídeo game?
FGZ ⚽️🎮@FGZNews
🚨 VAR will NOT be coming in EA FC 27 ❌
Português
Professor: Quem não quiser assistir minha aula pode sair.
Eu: *levanto para sair*
Professor:
Português
@JnorEduardOfice @iGraHms @JerThaPlug @slutttyyykiksss Exatamente. Por mim, a língua está boa. O problema é outro 🤷🏾♂️
Português
@CyberGh0ost007 @iGraHms @JerThaPlug @slutttyyykiksss Vão e isso mostra que idioma sozinho não decide onde os artistas vão actuar, i've changed my previous mind.
Português
Português
@iGraHms @JerThaPlug @slutttyyykiksss No meu ponto de vista eles têm essas oportunidades por conta do inglês, uma vez Ismael disse: “Se Moçambique adoptasse o inglês como idioma principal, teríamos mais ganhos económicos e culturais”.
Português
English
English
Claude Code weekly limits are increasing 50%, now through July 13.
Live now for all Pro, Max, Team, and seat-based Enterprise users.
English
Do jeito que estão a caminhar muito, cuidado preço de chinelos subir🤣😭
Português
as a mf currently going through a lot, i can always tell when i see another mf going through a lot too
MIKE⭐️@TheViralHall
Christian lovers celebrates one year of abstinence from sex
English
Façam machambas perto de casa.
Não se preocupem com o preço do combustível, ouviram? ⛽😂
Português
@MozSemContexto Fazer isso por futebol 🚮.
Nem ganhas 1 MT da parte deles.
Português
@douglasnbraga O time é horroroso
Pragmático,medroso,e sem criatividade
A única jogada deles é Bola aérea
Eu torço mto pra eles perderem qualquer título
Português
@premierleague @Arsenal Just give Arsenal the league please
Stop the pressure you put on us
English
