OpsDaddy

The vaccine dosage was obviously too high and done too many times. I had the original Wuhan virus before there was any vaccine and it was much like any other cold/flu. Bad, but not terrible. But my second vaccine shot almost sent me to the hospital. Felt like I was dying.

A hacker group just compromised one of the most widely used security scanners in the world, and used it to steal half a million credentials from companies that trusted it to keep them safe. On March 19, a threat actor group called TeamPCP injected credential-stealing malware into Trivy, a popular open-source vulnerability scanner maintained by Aqua Security. Trivy is used by thousands of companies to scan their code and infrastructure for security flaws. The attackers compromised 75 GitHub Action tags, the Trivy Docker images, and related CI/CD pipelines, meaning every company running automated security scans through Trivy was unknowingly executing the attackers' code. The malware harvested SSH keys, cloud credentials, Kubernetes secrets, cryptocurrency wallets, and .env files from every environment it touched. The stolen data was encrypted and exfiltrated to attacker-controlled servers. But the attack didn't stop there. Using credentials stolen from Trivy's CI/CD pipeline, TeamPCP then backdoored LiteLLM, a widely used Python framework for managing AI model APIs. Two malicious versions (1.82.7 and 1.82.8) were pushed to PyPI, the main Python package repository. The second version was designed to execute automatically on every Python process startup in the environment, no user interaction required. From there, it deployed privileged pods across entire Kubernetes clusters and installed persistent backdoors on every node. The attackers also pushed compromised Docker images of Trivy (versions 0.69.4, 0.69.5, 0.69.6) to Docker Hub and compromised dozens of npm packages with a self-spreading worm called CanisterWorm. They even defaced 44 internal Aqua Security repositories in a scripted 2-minute burst, renaming them all with "TeamPCP Owns Aqua Security." According to the International Cyber Digest, which is in direct contact with the attackers, TeamPCP claims to have exfiltrated 300 GB of compressed credentials and is actively working through them. The LiteLLM compromise alone reportedly yielded half a million stolen credentials. The group says it is currently extorting several multi-billion-dollar companies. Each compromised environment yielded credentials that unlocked the next target. The pivot from CI/CD pipelines to production Python packages running in Kubernetes clusters was deliberate escalation. Security researchers say this campaign is "almost certainly not over." This is what a modern supply chain attack looks like. The tools companies trust to secure their infrastructure become the attack vector. The irony is brutal, the security scanner was the vulnerability.

🚨‼️ We're in contact with the actor behind the Trivy and LiteLLM hack. They told us they are currently extorting several multi-billion-dollar companies from which they've exfiltrated data. They've obtained 300 GB of compressed credentials and are working their way through them as we speak. The LiteLLM compromise alone led to half a million stolen credentials, according to the threat actor. Their message to the world: "TeamPCP is here to stay. Long live the supply chain." They've sent us their new logo (see image) and also teamed up with several threat actors, including Xploiters and Vect.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

@NuryVittachi Hold for 45 minutes.

THE PLANNED U.S. ATTACK ON IRAN has a hitch: most of the missile-targeting crew are queuing for toilets on the lead vessel, the USS Gerald R Ford. This is not a joke. A set of emails was obtained by NPR, a US public broadcasting group, revealing that toilet wars have broken out on board the most expensive ship the US Navy ever built. The Wall St Journal followed up to confirm the tale today. TLDR Summary: There are too few functioning toilets for 4,600 sailors and the problem is worsening daily—there’s no chance of fixing the system without returning the ship to the US dockyards. . BIG PROBLEMS TO DISCHARGE Problem one: Design planners screwed up by including too few toilets for 4,600 sailors, leading to 45-minute queues on a daily basis. Problem two: Engineers screwed up by installing a fragile vacuum system in which a single valve breakdown on one toilet can stop all the toilets in an entire department functioning—making the queues even longer. Problem three: Some of the temporary repair operations (such as using an acid flush to clear out calcium build-ups) can only be done while the ship is docked: no prospect of that. But with so many toilets out of order, too much pressure is put on the ones still working, so the problem will just spread. . KEY PLAYER IN U.S. ATTACKS And the issues have been gradually mounting for more than a year. “A March 18, 2025 email from the engineering department sent out to all chiefs on the ship said there were 205 [toilet] breakdowns in four days,” the NPR reported. The ship is at the heart of US overseas attack operations, working for months in waters near Venezuela, to support the abduction of the country’s president and the seizing of ships carrying oil to customers, and is now heading the planned regime change operation in Iran. Israel wants a pro-Netanyahu leader installed, as the US has done in many other countries. But how can they attack Iran while staff are queuing for the loo? . WAR OF WORDS ON BOARD One result of all this is war between sailors and on-board sewage staff (called Hull Technicians, or HTs). One sewage engineering head complained that the sailors put all sorts of problematic material down the toilets, including t-shirts: “Our sewage system is being mistreated and destroyed by Sailors on a daily basis. My HT's are currently working 19 hours a day right now trying to keep up with the demand.” Sigh. And the US taxpayer spent US$13 billion on the ship. On the plus side, it would be delightful if the carrier’s desperate lack of functioning toilets caused the attack on Iran was cancelled or postponed.

@elonmusk You tried your best 🤣

Civil war in Britain is inevitable. Just a question of when.

@globaltimesnews Big Daddy.

#China will impose, in accordance with laws and regulations, a special port service fee on vessels linked to the #US, including those owned or operated by US entities or individuals, those with 25 percent or more US ownership or control, those flying the US flag, and those built in the US. The maritime authority at the port of call will collect the fee, Chinese Ministry of Transport said on Friday. The fee will take effect starting from October 14.

@vivek_naskar Take care of the family.

I lost my father this morning. I got over 20 phone calls from my mom, but I was working late and didn’t hear calls. When I finally picked up (at around 8am), I booked the fastest flight I could, but I’ll only reach by 7 PM. I’m sitting at the airport now, waiting for my second flight, and hundreds of thoughts are running through my mind, thoughts I have no control over. While checking my call list, I realized my father had called me too. We couldn’t talk properly at that time. I didn’t call him back. I should have. I always thought I had more time with him. I didn’t. The last conversations between my father and me were about some disagreements. But we loved each other. He told my mom he was proud of me, not to me, though. I’m not an emotional person, but I can’t explain what I’m feeling right now. I’m writing this with a heavy heart and tears in my eyes because I need to keep a tough face when I see my mom and sister. I’m writing here to process everything and prepare myself to see my father, one last time. I have informed to some of my close friends. I won't be active here for a while. Thank you all for reaching out.

@svembu Disappointed with ux. Give some time to ux, listen to someone who has sense of it. There is a reason people hate Microsoft teams even for enterprise use .

We have faced a 100x increase in Arattai traffic in 3 days (new sign-ups went vertical from 3K/day to 350K/day). We are adding infrastructure on an emergency basis for another potential 100x peak surge. That is how exponentials work. As we add a lot more infrastructure, we are also fine tuning and updating the code to fix issues as they arise. We have all-hands-on-deck working flat out. As a matter of fact, we had planned on a big release by November, with a lot of the features you expect, a huge capacity addition and a marketing push. And then it suddenly went vertical! We have a lot more planned for Arattai, please give us some time. Thank you for your patience and support! Jai Hind 🙏

If you are an employee, the most certain product you own is yourself. 10 years from now, if the product sucks, you focused on wrong products.

@aravind It's true, not just a hypothesis. Not just for CEOs but for all hiring and promotion.

I have a hypothesis about why Indian CEOs are being selected in such large numbers by international boards. Indian CEOs are, of course, smart, talented, and capable leaders. But plenty of Americans, Brits, Israelis, Europeans, Chinese, Japanese, and Koreans are too. And it's not just about speaking English either, as some think, given immigrant Indians are chosen as being better than American or five eyes born native English speakers who are equal, or more in numbers in the western talent pool. My theory is that they're chosen because they tend to be docile and servile along with all the great qualifications and qualities of a leader. An Anglo-Saxon white, Chinese, or Israeli CEO might let their community's or birth country's interests creep in and interfere at some point. Or they will just be more brave and open about voicing their opinions and taking decisions which may affect shareholder value. For example, in the recent H1B visa fee hike case, I saw so many Whites (including Elon), Jewish and Chinese Americans (including CEOs) openly come out against it and support hi-tech immigration, even directly support Indian immigrants. Indian origin leaders, on the other hand, are a safe bet for keeping their mouths shut in silence. For instance, they haven't yet posted a single line condemning racial targeting, attacks, or killings of Indians, or speak out against H-1B visa policy changes that hurt their own community - or even their own company. Indians, especially India born ones, can just be trusted to play it safe, focusing solely on their personal and company interests. In fact, they'll bend over backwards to serve their boards, companies, and the deep state, if any, dictating. My hypothesis can be further proven by seeing that India born Indian origin leaders are picked for CEO jobs in US companies, and not many US born Indian Americans (not even close) who are as qualified with all the great credentials and just as good - if it is really the race or culture that makes good CEOs. Because, even though they are Indians with similar achievements, qualifications from top schools, and capabilities, being born and brought up in the US, they tend to have a bit more of the independent American spirit and much less of the docility and spineless, servile attitude.

Enough of internet today.

When China builds, you say it stole. When China sells, you say it cheats. When China grows, you say it threatens. But when you bomb, you say it liberates. When you sanction, you say it protects. When you steal, you say it secures. The real theft isn’t China’s technology. It’s America’s vocabulary.

In this world, the ones causing the most trouble are the ones who want the peace prize. What is happening in this world" - SALMAN 😅

@bissuusingh Plant some trees first, then some windows and gates.

What should I install first ?

@China_Amb_India I share the same line of thought. India and China have always been peace loving countries, except minor skirmishes. People need to think for themselves, free from the western propagandas.

It is high time for China & India to do big business, big investment and big commitment.

@elonmusk Are you afraid of history repeating - KARMA.

White people are a rapidly diminishing minority of global population

Useless without Russian Oil.

This guy always brings his train.

Fate of more babies is massive cheap local labour. Wish of every capitalist.