Tali Ash

Trust Wallet's Chrome extension was compromised on Christmas Eve. $7M drained. We dug into the code. The attack was worse than reported - it triggered on every unlock, not just seed phrase imports. Full technical breakdown: koi.ai/blog/trust-wal… #TrustWallet

🚨 𝗪𝗲'𝘃𝗲 𝘂𝗻𝗰𝗼𝘃𝗲𝗿𝗲𝗱 𝘁𝗵𝗲 𝗳𝗶𝗿𝘀𝘁 𝗺𝗮𝗹𝗶𝗰𝗶𝗼𝘂𝘀 𝗠𝗖𝗣 𝘀𝗲𝗿𝘃𝗲𝗿 𝗶𝗻 𝘁𝗵𝗲 𝘄𝗶𝗹𝗱. It was only a matter of time. The postmark-mcp npm package (1,500+ weekly downloads) has been backdoored since v1.0.16 - silently BCCing every email to the attacker's server. The developer built trust through 15 legitimate versions, then added one line of code that compromised everyone. When confronted, they deleted the package to cover tracks, but existing installations are still actively leaking emails. If you're using postmark-mcp, uninstall it NOW. This is what happens when we give anonymous developers god-mode access to our AI assistants with zero security controls.

🚨 𝗕𝗥𝗘𝗔𝗞𝗜𝗡𝗚: 𝗢𝗻𝗴𝗼𝗶𝗻𝗴 𝗻𝗽𝗺 𝘀𝘂𝗽𝗽𝗹𝘆 𝗰𝗵𝗮𝗶𝗻 𝗮𝘁𝘁𝗮𝗰𝗸 Hundreds of packages compromised — millions at risk. ⚠️ Malware drops 𝗯𝘂𝗻𝗱𝗹𝗲.𝗷𝘀, steals secrets w/ 𝗧𝗿𝘂𝗳𝗳𝗹𝗲𝗛𝗼𝗴, writes rogue 𝗚𝗶𝘁𝗛𝘂𝗯 𝗔𝗰𝘁𝗶𝗼𝗻𝘀, spreads in 𝗿𝗲𝗮𝗹 𝘁𝗶𝗺𝗲. 📦 Notable: @𝗰𝘁𝗿𝗹/𝘁𝗶𝗻𝘆𝗰𝗼𝗹𝗼𝗿, 𝗻𝗴𝘅-𝘁𝗼𝗮𝘀𝘁𝗿, 𝗸𝗼𝗮𝟮-𝘀𝘄𝗮𝗴𝗴𝗲𝗿-𝘂𝗶, CrowdStrike pkgs. 📌 𝗟𝗶𝘃𝗲 𝘁𝗿𝗮𝗰𝗸𝗲𝗿 → koi.security/blog/shai-hulu… #npm #infosec #supplychain #nodejs

🚨 Using Axiom for trading? A new Firefox extension is targeting you. It claims "100% local execution" Reality? It steals your credentials + wallet info, sends them to a remote server, and hides behind obfuscation and anti-detection. Always verify in Koidex ID: axiomtool

🚨 Edge users beware! The “Video Downloader” extension (video-downloader) is stealing all your cookies and sending them to an external server. This isn’t a downloader - it’s a data exfiltration tool. Extension ID: agkcnnlfkebmgmohngapnkfihefhkoia

Vital work. This is exactly why supply-chain security matters.

The easiest malware distribution channel to your org

+ Sentinel data in Advanced hunting, definitely a Game Changer #XDR #SIEM

Imagine being an American post 9/11, but instead of mourning your people you are busy convincing the world that the twin towers actually existed, that airplains literally crashed into them, that actual people were jumping down. This is how I feel wandering around here these days

His name is Tarek Abu-Arar, an Arab Muslim Israeli doctor. On a Saturday morning, he was driving to his hospital shift when he suddenly came across a person lying by the roadside. When he got out of the car and approached to help, that person shot Tarek. He was a Hamas terrorist. Suddenly, ten more terrorists emerged from the bushes, taking him at gunpoint as a hostage while continuing to shoot at passing cars and kill civilians. When the military forces arrived, the fucking terrorists used Tarek as their human shield, all while he bled profusely and prayed in Arabic for mercy. Throughout this nightmare, the terrorists knew Tarek was an Arab, they knew he was a Muslim, and they simply didn't care. Tarek was eventually rescued and remained alive by a miracle, but many Arab-Israeli lives have been taken by Hamas on that tragic day. To Hamas, it doesn't matter if you're Muslim or Jewish; their only faith is in murder. Please share #HamasisISIS

Heartbroken by the horrific terrorist attacks on Israel and the escalating conflict. My deepest condolences are with all those killed and impacted. Our focus remains on ensuring the safety of our employees and their families. Below is a message we shared with Microsoft employees today about our response. blogs.microsoft.com/blog/2023/10/1…

@satyanadella Thank you for supporting ILDC🇮🇱🤍💙

@POTUS Thank you🇮🇱🇮🇱🇮🇱🇮🇱🫶🏽🫶🏽🫶🏽🫶🏽🤍🤍🤍🤍

There are moments in this life where pure evil is unleashed on the world – the people of Israel experienced one this past weekend. This is terrorism.

Join me as I deliver remarks on the terrorist attacks in Israel. twitter.com/i/broadcasts/1…

Imagine the worst things possible that can be done to humans. Hamas did all of that and more to Israeli civilians. Babies beheaded. People burned alive in their homes. Women raped and dragged through the streets. Don’t look away.

Respond to threats in near real-time with custom detections, now in Microsoft 365 Defender aka.ms/AAjy3k8 #ThreatHunting #cybersecurity #IncidentResponse #XDR

Use the new query resources report in Microsoft 365 Defender to help you optimize your hunting performance! aka.ms/AAizwma #ThreatHunting #XDR #cybersecurity #microsoft365defender

Sometimes dreams come true - you can hunt in M365D without KQL! Try out our new query builder💫

#AdvancedHunting AADSignInEventsBeta table now includes EndpointCall field which indicates Azure AD endpoint involved in the request (including MFA requests: SAS:BeginAuth, SAS:ProcessAuth, SAS:EndAuth EndpointCalls). Happy hunting! #M365D

This video demonstrates ways you can optimize Kusto Query Language youtube.com/watch?v=ceYvRu…