bood

3.4K posts

bood

@_Bood

▶️ https://t.co/ayv0OsqLYX

Nuevo León, México Katılım Ağustos 2011

490 Takip Edilen203 Takipçiler

bood retweetledi

basil@BasiilLeaf·1d

new hobby just dropped

English

2.3K

21.6K

366.2K

bood@_Bood·4d

Weekly armory #1 R1 Marlynn ⚔️ R2 Gravy ⚔️ R3 Dash IO ⚔️ R4 Mario ❌ Armory #2 R1 Vynnset ⚔️ R2 Dash IO ⚔️ R3 Oscilio ❌ #fabtcg

103

bood retweetledi

Flesh and Blood@fabtcg·5d

We've heard your cries... #fabtolatam Read the update: buff.ly/vIDwHYk

English

209

17.1K

bood retweetledi

Call me Khaleesi 🐉☕🐉☕🐉@MirSpielrein·6d

💸💸💸

QME

665

40.7K

bood retweetledi

Luis Lira 👾@Luis_LiraC·13 May

El ecosistema de JavaScript en estos momentos se siente así

Español

253

bood retweetledi

Ojos color sol@ojoscol0rsol·7 May

ZXX

4.8K

16.3K

209.2K

bood@_Bood·4 May

Semana de testeo ☠️ #fabtcg

Español

bood retweetledi

Karthik@karthikponna19·3 May

"it worked on production just like it did on localhost"

English

126

1.2K

14.6K

512.8K

bood retweetledi

Andrew Brown@andrewbrown·2 May

If we are redesigning GitHub lets do it in the style of Final Fantasy / Dragon Quest.

English

101

402

3.8K

129K

bood retweetledi

Gajus@kuizinas·30 Nis

There is a surge of supply chain attacks (and it is only going to get worse) If you are using pnpm, take these steps to protect yourself: * set minimumReleaseAge to 7 days * set blockExoticSubdeps to true * configure onlyBuiltDependencies npm / yarn have similar settings

Socket@SocketSecurity

🚨 We’ve confirmed the intercom-client @7.0.4 was compromised in the ongoing Mini Shai-Hulud worm attack. The npm package includes a malicious preinstall hook that downloads and executes an unverified Bun binary, then runs an 11.7 MB obfuscated payload designed to steal Kubernetes, Vault, cloud, GitHub, and CI/CD secrets. The attack closely overlaps with the SAP CAP, Cloud MTA, and lightning@2.6.2 compromises.

English

716

141.3K

bood retweetledi

Flesh and Blood@fabtcg·30 Nis

Learn from the best with a monthly Masterclass lesson from renowned pro player Yuki Lee Bender! ⚡️ This month, Yuki breaks down a critically important element of Flesh and Blood – defending 🛡️ Learn when and why to defend, and more: buff.ly/RKi99QW

English

112

6.3K

bood retweetledi

trash@trashh_dev·30 Nis

mood

English

1.1K

22K

bood retweetledi

Christoffer Bjelke@chribjel·29 Nis

Ai generated prs be like

English

212

4.2K

112.2K

bood retweetledi

Sarah Gooding@sarahgooding·30 Nis

TL;DR: - Maintainer controls the unscoped tanstack npm package - README presents it as “TanStack Player” - Package is not affiliated with TanStack - Maintainer demands $10k from TanStack creator - TanStack files legal docs related to a pending trademark infringement claim - No response from npm on the brand-squatting - Package later ships malware that steals .env files This is another form of abuse OSS maintainers are forced to deal with: brand impersonation, extortion attempts, and platform inaction until users are finally exposed to malware.

Socket@SocketSecurity

🚨 A brand-squatting npm package impersonating TanStack shipped malicious versions that exfiltrate environment variables from developers’ machines during install. We spoke to @tannerlinsley, creator of @tan_stack, who confirmed that the maintainer of the unscoped tanstack package is not associated with TanStack or the official @tanstack/* projects in any way. The package is unrelated to the project's official CLI, and represents an ongoing brandjacking issue. He also said TanStack has filed legal documents related to a pending trademark infringement claim against the maintainer, that the maintainer previously demanded $10,000 from him, and that TanStack has repeatedly tried, unsuccessfully, to get @npmjs to address the situation.

English

293

28.9K

bood retweetledi

smol silly cat@Catsillyness·27 Nis

ZXX

3.3K

32.7K

281.2K

bood retweetledi

Socket@SocketSecurity·22 Nis

Full technical analysis: socket.dev/blog/checkmarx… We’ll keep updating the post as we learn more.

English

bood retweetledi

Socket@SocketSecurity·22 Nis

🚨 BREAKING: Socket and @Docker uncovered what appears to be a broader Checkmarx supply chain compromise affecting official KICS Docker images and recent Checkmarx VS Code extension releases. We found malicious images in the official checkmarx/kics Docker Hub repo, including overwritten tags and a new tag outside the normal release flow. Our analysis also found signs that recent Checkmarx extension releases introduced code capable of downloading and executing what appears to be a malicious remote addon. We’re in touch with the Checkmarx team and still investigating the incident.

English

144

583

186.6K

bood retweetledi

Het Mehta@hetmehtaa·22 Nis

OWASP just dropped APTS A governance standard for autonomous pentesting platforms. Not a methodology. A control layer. Focus: scope enforcement, safe autonomy, manipulation resistance, accountability. As AI-driven testing scales, this is the guardrail the industry needed. github.com/OWASP/APTS

English

103

425

31.2K

bood retweetledi

International Cyber Digest@IntCyberDigest·22 Nis

Oh my, if you're having a bad day you should look at this person's day. 💀

English

105

2.9K

258.2K

bood retweetledi

Austin@cardgametrash·9 Nis

Now that Yokohama is upon us I realized I almost forgot to clout farm If you haven't heard yet, I got Top 8 - 1st seed with Young Man Gravy himself R1 Valda W R2 Ira W R3 Kano W R4 Lexi W R5 Enigma W R6 Dori W R7 Oldhim L Died to Ira in top 8 Decklist below #fabtcg

TOKYO FAB@tokyofabtcg

SE２回戦目までの結果はこちら‼️

English

6.2K

Keşfet

@Docker @elonmusk @BarackObama @taylorswift13 @cristiano @BillGates @NASA @nikifrancismediavine