Brother Michael

People have learned a few psychological buzzwords on social media,like "gaslighting," "narcissist," "boundaries," and "toxic", and now they use them to run away from normal human conflict. Sometimes your partner isn't a "toxic narcissist violating your boundaries"; sometimes they are just annoyed, having a bad day, and you are actually the one who was wrong. We have weaponized therapy language to ensure we never have to apologize or compromise.

Seeing all these dumsor apps has motivated me to complete a related side project. Let’s see just how much I can stretch @claudeai 😏

We built a crowdsourced outage tracker for Ghana. Power and now water too. See what your neighbours are reporting in real time, no waiting on ECG or GWCL. 1,500+ reports across 80 zones in a day.​​​​​​​​​​​​​​​​ check it out on odumsor.com

The human responsible for 90% of the horrible legacy code and technical debt is now back with LLMs. God help us all 😔

@MichaelEssandoh Fuck you too

Fuck! Just paid $240 Come on!

men don’t push for cohabitation the way you guys think. women loveee it, they plan it and they are vocal about it. you’d literally see a woman get pissed the moment a man denies them access to spend the night or days at their place

Стандартная позиция человека, который решает проблемы других:

I am monitoring the situation. (2026 FULL)

@kwesi_dadson @sabato85 Not one, but both testicles? Then the guy be correct waa

@sabato85 🤣🤣🤣🤣 are you related to @MichaelEssandoh?

I need a reliable shipping agent that can just ship things from China for me. How hard is that?

Yup, platform activity is surging. There were 1 billion commits in 2025. Now, it's 275 million per week, on pace for 14 billion this year if growth remains linear (spoiler: it won't.) GitHub Actions has grown from 500M minutes/week in 2023 to 1B minutes/week in 2025, and now 2.1B minutes so far this week. So we're pushing incredibly hard on more CPUs, scaling services, and strengthening GitHub’s core features. And as a fine purveyor of hand-crafted shit code for many years, I'm not gonna weigh in on that. 🤣

🚨‼️ We've just launched a central dedicated tracker for all alleged TeamPCP supply chain attack victims. teampcp.cyberdigest.international 👀

For those of you who have forgotten this document, please walk with me 🙏🦁🇬🇭

CAN WE PLEASE NORMALIZE NOT CONFUSING SOMEONE’S FREE TIME WITH THEIR AVAILABILITY.

📢 ZERO SIGN UP, FREE FOREVER, MALWARE PROTECTION. npm i -g sfw sfw npm install sfw pnpm install sfw yarn install sfw cargo fetch sfw uv pip install socket.dev/blog/introduci…

Cobbled together a supply chain monitoring system last week: Cursor+Composer-2-fast harness on live package diffs (pypi+npm). Simple! Received a slack alert within minutes of Axios compromise. Reported to the devs after triple checking, because at first I could not believe it!

‼️ Meet the guy almost everyone loves for alerting the axios devs about the supply chain attack. He built a supply chain monitoring system last week, and was alerted within minutes of the axios compromise. The world should be thanking Elastic Security's finest: Joe @dez_

There is a project on GitHub called Axios. Axios is extremely popular. It is used by millions upon millions of applications. Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites). In simple terms, if you're a programmer doing something with JavaScript, and want to do stuff that communicates with a website in literally any capacity, people heavily recommend using Axios due to its simplicity. Using Axios you don't have to reinvent the wheel and do a bunch of work. All you need to do is import Axios into your code and you're off to the races. Someone (currently unknown) compromised Axios (currently unknown how) to deliver malware to people. When someone updates or installs Axios, Axios itself contains malware. What the malware does is (currently) unknown, but it is being reversed engineered by probably every malware analyst on the planet at this moment. In a few hours more details will emerge. Information is being exchanged in real time on social media and private communication platforms as I write this. Due to the size and popularity of Axios, it is unknown how many are impacted, it could be millions, it could be thousands, or if we're lucky, only hundreds of people or organizations will be impacted. If this is absolute worst case scenario, millions of organizations across the planet have been infected with malware which (currently) we do not understand. However, the likelihood of this is low. It appears Axios being compromised was detected quickly, potentially within minutes (or hours) of it being compromised to deliver malware. Additionally, the likelihood of every single Axios user updating Axios as soon as it was compromised to deliver malware is astronomically low. It is basically zero. The impact from Axios being compromised is devastating, the fallout from this will be a massive headache. This is unironically a malware nuclear missile and will likely be studied in the future.

Every time I am traveling and I don’t know the town I have gotten to, I just look for a sign board of the church of Pentecost. They always come thru 😅

The LiteLLM supply chain attack is big shenanigans. I have to explain the whole thingie though so you can get the full context of the shenanigans. TeamPCP (the people who probably did it) is unironically swinging a big ass fuck off baseball bat, they're swinging for the moon. tl;dr see picture of cat as summary I also want to preface this with I DID NOT PERFORM THIS ANALYSIS. I almost never do open-source solutions malware stuff and this is also more in the line of work with DFIR (Digital Forensics and Incident Response). This summary comes from various peers and colleagues of mine who have been discussing TeamPCP the past couple of days. DFIR nerds I sourced: - @ramimacisabird - @InsiderPhD Non DFIR nerds I sourced: - @IceSolst - @IntCyberDigest Yeah, so pretty much this group of nerds named TeamPCP bamboozled an open-source security product called Trivy. TeamPCP sent a pull request on GitHub but did it with "pull_request_target". Normally a pull request isn't a big deal. Nerds do it all the time. "pull_request_target" though is designed to copy secrets, tokens, etc. pull_request_target is a legit thing. People do it all the time. It should only be performed by people you trust. TeamPCP impersonated a legitimate GitHub contributor. Trivy was caught slippin'. When TeamPCP did pull_request_target they stole access tokens to a place called Aqua Security. Aqua Security was like, "lol gosh dang it" and did what you were supposed to do. They rotated access tokens and passwords and stuff. However, Aqua made an oopsie and forgot to rotate the stuff for one of their automation bots. Once TeamPCP had access they injected malicious code which steal environment variables, SSH keys, cloud credentials, cryptotokens, etc into three things. - Trivy - Trivy GitHub actions - Trivy Docker stuff As is tradition, once TeamPCP put malware into Trivy stuff, anyone who did anything with Trivy was given malware. TeamPCP got a metric poop ton of stolen data and began using it to move to NPM projects. The projects they infected next was infected with a malware people named "CanisterWorm". In extreme summary, CanisterWorm placed stuff in package.json from the infected NPM project. Every new infected NPM project would download malware to the machine that (unsurprisingly) stole your data. TeamPCP seems to have been inspired by the North Korean government, or ALPHV ransomware group, because instead of stealing data to their server they store it on the blockchain ... making it virtually impossible to takedown. LiteLLM takes place somewhere between Trivy and CanisterWorm. As of this writing the exact way TeamPCP got access to LiteLLM is unknown, however it's heavily speculated it is from Trivy. TeamPCP also stated very bluntly they got access from Trivy but ... they could also be lying. This may come as a surprise, but sometimes criminals lie to cover their tracks. LiteLLM infection though was a few more degrees amplified than the previous stuff. LiteLLM infection also attempts lateral movement by automating Kubernetes stuff. LiteLLM infection also steals a ton more data than previous stuff. Here is the big ass list of stuff it steals: - SSH keys - AWS credentials and configurations - GCP credentials and configurations - Azure environment variables - Kubernetes credentials and configurations - Environment configurations - Shell History - Git credentials and configurations - Docker credentials and configurations - Database instances - IaC / CI/DI - SSL private keys - Solana keys - Crypto wallets - VPN credentials and configurations - Hashicorp vault (?) - NPM configurations - SMTP credentials TeamPCP is unironically putting in big moves. What makes them unusual is how profoundly aggressive they are. It isn't uncommon for Threat Actors to attempt things like this, but TeamPCP is doing something more akin to "smash and grab" rather than "stay silent and watch".