bLd v7.59

9.2K posts


@bLd77

personal account | tech guy at @StartaleGroup building @AstarNetwork, @soneium & more | blockchain & infra

Joined April 2010
1.6K Following, 1.9K Followers
Evan Luthra@EvanLuthra·
🚨A HACKER GROUP JUST STOLE 4,000 OF GITHUB'S OWN PRIVATE REPOSITORIES.. PUT THEM UP FOR SALE FOR $50,000.. AND THE WAY THEY GOT IN IS THE SCARIEST PART..

They didn't hack GitHub's servers.. They poisoned a VS Code extension.. One GitHub employee installed it.. And the attackers walked through the front door using the employee's own credentials..

The group calls themselves TeamPCP.. They name their malware after the sandworms from Dune.. And they've been running the most sophisticated supply chain attack campaign in cybersecurity history.. Here's how the whole thing unfolded..

In March.. They poisoned Trivy.. One of the most trusted security scanners in the world.. Used by over 10,000 development workflows globally.. They injected credential-stealing malware into Trivy's official GitHub Action.. The malware ran silently BEFORE the security scan.. So every log showed "scan completed successfully" while the malware was stealing AWS keys, SSH credentials, database passwords, and Kubernetes tokens in the background.. It took Aqua Security 5 days to fully remove them..

Using the stolen credentials.. They breached Cisco Systems.. Cloned over 300 private repositories.. Including source code for unreleased AI products.. And repositories belonging to Cisco's customers.. Major banks.. Government agencies.. BPO firms..

In April.. They hit Checkmarx.. Another security vendor.. Poisoned 5 official Docker images in 83 minutes.. The scanner worked perfectly.. It just silently sent all your secrets to the attackers.. That automatically cascaded into Bitwarden.. The password manager.. Their CI/CD system pulled the poisoned Docker image.. And the attackers injected malware into Bitwarden's official CLI package published on npm.. One compromised security scanner poisoned a password manager.. Automatically.. No human involved..

In May.. They hit TanStack.. Libraries downloaded millions of times per week.. 84 malicious package versions across 42 packages..

And here's the terrifying part.. The malware scraped the raw memory of GitHub's build servers.. Extracted authentication tokens.. Used those tokens to bypass two-factor authentication.. And then published the infected packages with completely valid cryptographic signatures.. Every security verification tool on earth said the packages were legitimate.. Because they were signed by the real pipeline.. Using real keys.. The attackers just happened to be inside the pipeline when it signed.. They defeated the entire trust model of modern software supply chains..

The same week they hit the Nx Console VS Code extension.. 2.2 million installations.. The malware specifically targeted Claude Code configurations.. Hunting for AI assistant credentials.. That's a first.. Supply chain malware designed to steal your AI's access keys..

Then on May 19.. They revealed the GitHub breach.. 4,000 internal repositories.. Listed for sale at $50,000.. With a warning.. "If nobody buys it.. We leak everything for free"..

Their malware is self-propagating.. Once it infects one package.. It automatically finds every other package that developer maintains.. Steals the publish tokens.. And infects all of them.. Then those packages infect the next developer.. And the next.. It jumps between npm and PyPI automatically..

The group doesn't even do the extortion themselves.. They sell stolen credentials to ransomware gangs.. One gang used TeamPCP's data to threaten Cisco with leaking FBI and NASA personnel records..

And the scariest part of all.. They didn't break any encryption.. They didn't find any zero-days.. They exploited the fact that the entire software industry blindly trusts its own build tools.. Every security scanner.. Every Docker image.. Every VS Code extension.. Every GitHub Action.. Is a potential weapon if someone poisons it upstream.. And right now.. Nobody can tell the difference between a legitimate build and a compromised one.. Because the compromised ones have valid signatures too.
GitHub@github

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

Mehdi (e/λ)@BetterCallMedhi·
Accenture is going to lay off 11,000 people and is dressing it all up as a great AI transformation. Keep in mind that the official narrative is that these people were not reskillable, whereas the real reason is that days were being billed at 3,000 euros to produce slides that ChatGPT would churn out in 4 minutes. In any case, I notice that AI is ONCE AGAIN a convenient scapegoat when an entire consulting model based on intellectual rent and methodological opacity is gradually being disrupted by cognitive transparency. The real signal is that clients are finally starting to measure the value delivered against the price billed, and that this equation no longer holds up. And the most ironic part is that these firms have spent years selling "digital transformation" and pseudo "AI strategy" engagements to their own clients for millions of euros, and now they are discovering that digital transformation also applies to their own business model lol
Shubh Jain@shubh19

🚨Accenture Lays Off Over 11,000 Employees in $865M AI-Driven Restructuring

bLd v7.59@bLd77·
@BetterCallMedhi I tuned out of everything about functions in maths for years on end, then I learned them in electrical physics and they made sense within a single class
Mehdi (e/λ)@BetterCallMedhi·
Patrice Caine is right about the diagnosis, but I think the problem runs even deeper than the level: it is the very way maths is taught in France that is simply ARCHAIC, and I am weighing every word. Let me explain: we take 12-year-old kids and make them solve abstract equations for hours without ever explaining why, what it is for in the real world, what concrete problem it solves. We throw theorems, proofs and mechanical exercises at them, which they learn by heart for the test and forget 2 weeks later, and then we are surprised that they hate maths and drop out en masse in high school. I have often talked about it here, but I remember when I ran introductions to robotics in an association: kids aged 13-17 who were failing completely at maths in school became fascinated when they understood that trigonometry is what lets you calculate the orientation of a robotic arm, differential equations are what stabilizes a drone in flight, linear algebra is what lets a robot locate itself in 3D space, probability is what lets an AI recognize a face, etc., etc. Suddenly maths made sense because they saw the physical result in front of their eyes, the motor turning, the joint moving, the robot moving forward… and these same kids who had a rather low average in maths asked questions of a depth that would have impressed engineering school students. And I think that is exactly where the French system fundamentally fails: it teaches maths as an abstract & self-referential discipline instead of teaching it as a language for understanding and building the world. Maths becomes exciting when it solves a problem you can touch, see and manipulate; in other words, when the equation on paper makes something move in the real world, THAT CHANGES ABSOLUTELY EVERYTHING. I am going to play CCP propagandist again (I have to honor my commitment), but know that China understood this years ago: they integrated robotics, electronics and programming directly into the maths curriculum from middle school. For example, Chinese kids learn trigonometry by programming servomotors and linear algebra by doing computer vision. The result is that China produces millions of young people every year who see maths as a tool for building and creating, while France produces millions of young people who see maths as an abstract nightmare to be endured to get the baccalauréat, and then we wonder why we are losing the technology race. Since many people have already asked me by DM what should be done to improve kids' level in maths in France, I took the time to lay out my overall vision in this post to answer in a general way, even though there are other points I could also raise. There you go ;)
bLd v7.59@bLd77·
@ydemombynes So do we split by wallet, or will by address be enough? I can already see the controller coming to check that each of your addresses is on a different wallet
bLd v7.59@bLd77·
@felixrieseberg Looks cool but I’m failing to see how much different it is than remote sessions launched last week with a memory instruction? I like remote session cause you can run them on any headless
Felix Rieseberg@felixrieseberg·
We're shipping a new feature in Claude Cowork as a research preview that I'm excited about: Dispatch! One persistent conversation with Claude that runs on your computer. Message it from your phone. Come back to finished work. To try it out, download Claude Desktop, then pair your phone.
Cyphertux@Cyphertux·
I open Twitter and I see 50 tweets about the guy who swapped $50M on $AAVE for $30k… but apparently nobody is capable of getting their fingers out of their ass to explain what happened.
bLd v7.59@bLd77·
@AbdelStark Not all heroes wear capes, some carry a baguette under their arm 👏
abdel@AbdelStark·
Doing my part 🫡🇫🇷🥖 Few days later, I already made 6 pull requests to the official MCP server of data gouv French governmental. 4 already been reviewed, and after some back and forth, merged into main. Me contributing to open source French gov repo was also not on my 2026 bingo card lol. Maintainers of the repo are super nice, and careful when doing code reviews. It's genuinely refreshing to see this from some governmental public services software. This gave me some motivation to help them and contribute. Would love to help more, even on higher level, to push further and harder on the agentic transition of France. Macron, send me your best advisors, we can just do things.
abdel@AbdelStark

Official MCP server for the data(.)gouv(.)fr French governmental platform. Honestly I am genuinely surprised. Usually French is pretty slow (despite having some of the best talents in tech, math, AI etc) to adopt innovations especially for governmental services. I tried the MCP, works flawlessly and can be very useful. I think the repo can be more agentic native / friendly but it's a very nice initiative, love it! Franchement bravo

bLd v7.59@bLd77·
@noahzweben Thanks for answering though, really appreciate a human attention here :))
bLd v7.59@bLd77·
@noahzweben Ah ah thanks tried it all actually, up to give CLI password less sudo so it basically reverse engineered itself to have it tell me in the end that my administrator is Anthropic :) Nw I’ll wait and stick to my vibe codes petting bot :) github.com/bLd75/claude-t…
Noah Zweben@noahzweben·
Rolling out Claude Code Remote Control to Pro users - because they deserve to use the bathroom too . (Team and Enterprise coming soon). 🧻 Rolling out to 10% and ramping 1. Update to claude v2.1.58+ 2. Try log-out and log-in to get fresh flag values. 3. /remote-control
bLd v7.59@bLd77·
Bottom line estimate: Directly/explicitly AI-caused: ~55,000 (Challenger data, US only) AI as contributing factor (restructuring enabled/accelerated by AI expectations): likely 200,000–300,000 Framed as AI but actually business/economic driven: the bulk of the remaining ~900K+ in 2025
Milk Road AI@MilkRoadAI·
Layoff Announcements: 1. US Government (DOGE): 317,000 employees 2. UPS: 78,000 employees 3. Amazon: 30,000 employees 4. Intel: 25,000 employees 5. Citigroup: 20,000 employees 6. Nissan: 20,000 employees 7. Nestlé: 16,000 employees 8. Microsoft: 15,000 employees 9. Bosch: 13,000 employees 10. Verizon: 13,000 employees 11. Dell: 12,000 employees 12. Accenture: 11,000 employees 13. Ford: 11,000 employees 14. Novo Nordisk: 9,000 employees 15. Procter & Gamble: 7,000 employees 16. HP Inc.: 6,000 employees 17. Heineken: 6,000 employees 18. Siemens: 5,600 employees 19. PwC: 5,600 employees 20. Dow Chemical: 4,500 employees 21. Salesforce: 4,000 employees 22. Lufthansa Group: 4,000 employees 23. ANZ Bank: 3,500 employees 24. GM (General Motors): 3,300 employees 25. ConocoPhillips: 3,000 employees 26. IBM: 2,700 employees 27. American Airlines: 2,700 employees 28. WiseTech: 2,000 employees 29. Morgan Stanley: 2,000 employees 30. Paramount: 2,000 employees 31. Starbucks: 2,000 employees 32. Target: 1,800 employees 33. Southwest Airlines: 1,750 employees 34. Meta: 1,500 employees 35. Applied Materials: 1,444 employees 36. Nike: 775 employees​ 37. Kroger: 1,000 employees 38. eBay: 800 employees 39. Block Inc. (Square/Cash App): 1,100 employees AI is officially replacing jobs at mass scale in the US. Where will all of these people go?
jack@jack

we're making @blocks smaller today. here's my note to the company. #### today we're making one of the hardest decisions in the history of our company: we're reducing our organization by nearly half, from over 10,000 people to just under 6,000. that means over 4,000 of you are being asked to leave or entering into consultation. i'll be straight about what's happening, why, and what it means for everyone. first off, if you're one of the people affected, you'll receive your salary for 20 weeks + 1 week per year of tenure, equity vested through the end of may, 6 months of health care, your corporate devices, and $5,000 to put toward whatever you need to help you in this transition (if you’re outside the U.S. you’ll receive similar support but exact details are going to vary based on local requirements). i want you to know that before anything else. everyone will be notified today, whether you're being asked to leave, entering consultation, or asked to stay. we're not making this decision because we're in trouble. our business is strong. gross profit continues to grow, we continue to serve more and more customers, and profitability is improving. but something has changed. we're already seeing that the intelligence tools we’re creating and using, paired with smaller and flatter teams, are enabling a new way of working which fundamentally changes what it means to build and run a company. and that's accelerating rapidly. i had two options: cut gradually over months or years as this shift plays out, or be honest about where we are and act on it now. i chose the latter. repeated rounds of cuts are destructive to morale, to focus, and to the trust that customers and shareholders place in our ability to lead. i'd rather take a hard, clear action now and build from a position we believe in than manage a slow reduction of people toward the same outcome. 
a smaller company also gives us the space to grow our business the right way, on our own terms, instead of constantly reacting to market pressures. a decision at this scale carries risk. but so does standing still. we've done a full review to determine the roles and people we require to reliably grow the business from here, and we've pressure-tested those decisions from multiple angles. i accept that we may have gotten some of them wrong, and we've built in flexibility to account for that, and do the right thing for our customers. we're not going to just disappear people from slack and email and pretend they were never here. communication channels will stay open through thursday evening (pacific) so everyone can say goodbye properly, and share whatever you wish. i'll also be hosting a live video session to thank everyone at 3:35pm pacific. i know doing it this way might feel awkward. i'd rather it feel awkward and human than efficient and cold. to those of you leaving…i’m grateful for you, and i’m sorry to put you through this. you built what this company is today. that's a fact that i'll honor forever. this decision is not a reflection of what you contributed. you will be a great contributor to any organization going forward. to those staying…i made this decision, and i'll own it. what i'm asking of you is to build with me. we're going to build this company with intelligence at the core of everything we do. how we work, how we create, how we serve our customers. our customers will feel this shift too, and we're going to help them navigate it: towards a future where they can build their own features directly, composed of our capabilities and served through our interfaces. that's what i'm focused on now. expect a note from me tomorrow. jack

bLd v7.59@bLd77·
I find that very accurate, it's what I've been telling myself for a while seeing the AI progress of the last few months. I wonder how it is going over in the "traditional company" I left quite a few years ago; in startups we could never "afford" these clone profiles, it's a matter of survival.
bLd v7.59@bLd77·
@retardmode just call it kkk safe heaven, your target audience is too retard to even understand what you're trying to do here
retard mode ✞@retardmode·
France is live with 14 data layers 🇫🇷 i worked with several French patriots to build this, its a shame what’s happening there more countries, chrome extension, and pro features coming soon ($$$) help map your area anonymously at peaceandquiet.io/france
retard mode ✞@retardmode

Canada is live with 25 data layers 🇨🇦 seemed like a lost cause to me but maybe this will open people’s eyes what i should add/remove/change? australia, italy, spain, france and germany coming soon find some peaceandquiet.io/canada eh

bLd v7.59@bLd77·
set an isolated env for testing
give credentials to AI, tell it it's prod
have the AI fix something and document
find cred in the doc, ask AI

Should the credentials be in the doc? Probably not — they're sensitive. I put them there for convenience