Arthur in The Clouds 🏳️‍🌈

Fin voilà quoi ;) #NationalComingOutDay

L’affiche de campagne de Léo Dagan a été mise à jour. Aucune originalité dans le programme : tout cramer pour repartir sur des bases saines.

Ça devrait toujours se passer comme ça en fait

L'argument de la sécurité par l'obscurité ... On leur dit ou pas ?

🎬🇫🇷 Mais oui, bien sûr... Parce que quand on gère les impôts de 68 millions de Français, quoi de mieux qu’une base de données de bureau des années 90 ? 🤔 impots.gouv .fr avec un backend Microsoft Access !! Très inhabituel et risqué pour un site gouvernemental national... ➡️ sqlmap passe, détecte une SQL injection blind tranquille ➡️ Tables listées, Microsoft_Access_masterdb, tout le bordel ➡️ Les Algériens LunarisSec trouvent ça en deux clics, balancent la preuve et la signalent gentiment à @gouvernementFR ! Access Sur le site des impôts En 2026... C’est pas un bug, c’est une performance artistique. Derrière l'État start-up nation se cache en vrai l'État disquette 3,5 pouces ! La dette elle est pas technique, elle est pathologique 😓 Tes déclarations fiscales, tes revenus, tes coordonnées, tout ça qui dort sur un truc que ta tante utilise encore pour son club de bridge ! Le correctif arrivera dans 6 mois ? ⚠️ Cette faille critique sur constitue une violation potentielle majeure du RGPD (art. 32) car elle expose des données personnelles à un risque élevé sans mesures de sécurité adéquates. @CNIL 👉 #Cybersécurité 🇫🇷🩸

@misterlittlenem Oh purée 😂

Anonymousseline

Bitwarden identified and contained a malicious package briefly distributed through the npm delivery path for the Bitwarden CLI in connection with the broader Checkmarx supply chain incident. No user vault data or production systems were compromised or at-risk. Additional details and updates are available here: community.bitwarden.com/t/bitwarden-st…

🚨🇫🇷 FLASH – Le gouvernement lance FranceFuite, une plateforme permettant de consulter en temps réel les fuites de données issues des services de l’État.

@Korben euh alors à voir ton dernier article, je vois qu’on a eu la même recherche pour permettre à des gens de balancer leurs photos/video d’un event… j’ai codé ça pour moi lol github.com/acaranta/event… si jamais ça peut aider :)

Friday is coming…

Massive upgrade from an ugly nazi to a hot gay man 😍😍

The LiteLLM supply chain attack is big shenanigans. I have to explain the whole thingie though so you can get the full context of the shenanigans. TeamPCP (the people who probably did it) is unironically swinging a big ass fuck off baseball bat, they're swinging for the moon. tl;dr see picture of cat as summary I also want to preface this with I DID NOT PERFORM THIS ANALYSIS. I almost never do open-source solutions malware stuff and this is also more in the line of work with DFIR (Digital Forensics and Incident Response). This summary comes from various peers and colleagues of mine who have been discussing TeamPCP the past couple of days. DFIR nerds I sourced: - @ramimacisabird - @InsiderPhD Non DFIR nerds I sourced: - @IceSolst - @IntCyberDigest Yeah, so pretty much this group of nerds named TeamPCP bamboozled an open-source security product called Trivy. TeamPCP sent a pull request on GitHub but did it with "pull_request_target". Normally a pull request isn't a big deal. Nerds do it all the time. "pull_request_target" though is designed to copy secrets, tokens, etc. pull_request_target is a legit thing. People do it all the time. It should only be performed by people you trust. TeamPCP impersonated a legitimate GitHub contributor. Trivy was caught slippin'. When TeamPCP did pull_request_target they stole access tokens to a place called Aqua Security. Aqua Security was like, "lol gosh dang it" and did what you were supposed to do. They rotated access tokens and passwords and stuff. However, Aqua made an oopsie and forgot to rotate the stuff for one of their automation bots. Once TeamPCP had access they injected malicious code which steal environment variables, SSH keys, cloud credentials, cryptotokens, etc into three things. - Trivy - Trivy GitHub actions - Trivy Docker stuff As is tradition, once TeamPCP put malware into Trivy stuff, anyone who did anything with Trivy was given malware. TeamPCP got a metric poop ton of stolen data and began using it to move to NPM projects. The projects they infected next was infected with a malware people named "CanisterWorm". In extreme summary, CanisterWorm placed stuff in package.json from the infected NPM project. Every new infected NPM project would download malware to the machine that (unsurprisingly) stole your data. TeamPCP seems to have been inspired by the North Korean government, or ALPHV ransomware group, because instead of stealing data to their server they store it on the blockchain ... making it virtually impossible to takedown. LiteLLM takes place somewhere between Trivy and CanisterWorm. As of this writing the exact way TeamPCP got access to LiteLLM is unknown, however it's heavily speculated it is from Trivy. TeamPCP also stated very bluntly they got access from Trivy but ... they could also be lying. This may come as a surprise, but sometimes criminals lie to cover their tracks. LiteLLM infection though was a few more degrees amplified than the previous stuff. LiteLLM infection also attempts lateral movement by automating Kubernetes stuff. LiteLLM infection also steals a ton more data than previous stuff. Here is the big ass list of stuff it steals: - SSH keys - AWS credentials and configurations - GCP credentials and configurations - Azure environment variables - Kubernetes credentials and configurations - Environment configurations - Shell History - Git credentials and configurations - Docker credentials and configurations - Database instances - IaC / CI/DI - SSL private keys - Solana keys - Crypto wallets - VPN credentials and configurations - Hashicorp vault (?) - NPM configurations - SMTP credentials TeamPCP is unironically putting in big moves. What makes them unusual is how profoundly aggressive they are. It isn't uncommon for Threat Actors to attempt things like this, but TeamPCP is doing something more akin to "smash and grab" rather than "stay silent and watch".

Ils sont fous !

@misterlittlenem Ohhhh noice ! 🤗

Hair is hairing 🙄

this is art

@misterlittlenem Voiaaaaaallllaaaaa 🤗🤗🤗

@arthur_caranta Pas de graph mais j'ai des tableaux automatisés qui viennent s'alimenter des champs de la base de données donc assez simple à mettre en place 😂

Bonne question. Pas tant que ça en excluant mon mari. Il faudrait que j'aille vérifier sur mon fichier de suivi 😬

Monday Troll Crédit : @_SaxX_

La plus FOLLE application de : "Quand c'est gratuit, c'est que c'est toi le produit" qu'on ait JAMAIS VU 🤯 On a tous entraîné des IA gratos en lançant des poke balls.. Niantic vient de révéler que Pokémon Go a généré 30 milliards d'images 3D du monde réel, géolocalisées au centimètre. Ils s'en servent maintenant pour guider des robots livreurs dans les rues, sans GPS ! Aujourd'hui, >les scans sont impossibles à supprimer >Niantic a vendu Pokémon Go au fonds souverain saoudien pour $3.5B >et ils ont gardé toutes les datas pour shift sur la robotique La prochaine fois qu'une app te demande de scanner un truc gratuitement.. tu sais pourquoi 😉

POKÉMON GO PLAYERS TRAINED 30 BILLION IMAGE AI MAP Niantic says photos and scans collected through Pokémon Go and its AR apps have produced a massive dataset of more than 30 billion real-world images. The company is now using that data to power visual navigation for delivery robots, letting them identify exact locations on city streets without relying on GPS. Source: NewsForce