joker.icp
@let4be

10.1K posts

Software dev, crypto/tech enthusiast, Developing $CLOWN, with @clownitx we stand strong!

On-chain · Joined November 2012
800 Following · 954 Followers
octavian augustus.icp @OWHistory
‼️‼️‼️ WTF IS GOING ON WITH #ckBTC supply ??? It dropped sharply? Chain fusion is a failure or what ??? internet-computer:native
joker.icp retweeted
International Cyber Digest @IntCyberDigest
‼️🚨 BREAKING: Another supply chain attack. 700+ GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them.

When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages.

8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it.

The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies.

The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too.

Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected.

IOCs: GitHub account parikhpreyash4; repo systemd-network-helper-aa5c751f; drop path /tmp/.sshd; command fragments curl -skL and chmod +x /tmp/.sshd.
joker.icp retweeted
Elon Musk @elonmusk
Humans using Mythos as seen by Mythos
joker.icp retweeted
Evan Luthra @EvanLuthra
🚨A HACKER GROUP JUST STOLE 4,000 OF GITHUB'S OWN PRIVATE REPOSITORIES.. PUT THEM UP FOR SALE FOR $50,000.. AND THE WAY THEY GOT IN IS THE SCARIEST PART.. They didn't hack GitHub's servers.. They poisoned a VS Code extension.. One GitHub employee installed it.. And the attackers walked through the front door using the employee's own credentials.. The group calls themselves TeamPCP.. They name their malware after the sandworms from Dune.. And they've been running the most sophisticated supply chain attack campaign in cybersecurity history.. Here's how the whole thing unfolded.. In March.. They poisoned Trivy.. One of the most trusted security scanners in the world.. Used by over 10,000 development workflows globally.. They injected credential-stealing malware into Trivy's official GitHub Action.. The malware ran silently BEFORE the security scan.. So every log showed "scan completed successfully" while the malware was stealing AWS keys, SSH credentials, database passwords, and Kubernetes tokens in the background.. It took Aqua Security 5 days to fully remove them.. Using the stolen credentials.. They breached Cisco Systems.. Cloned over 300 private repositories.. Including source code for unreleased AI products.. And repositories belonging to Cisco's customers.. Major banks.. Government agencies.. BPO firms.. In April.. They hit Checkmarx.. Another security vendor.. Poisoned 5 official Docker images in 83 minutes.. The scanner worked perfectly.. It just silently sent all your secrets to the attackers.. That automatically cascaded into Bitwarden.. The password manager.. Their CI/CD system pulled the poisoned Docker image.. And the attackers injected malware into Bitwarden's official CLI package published on npm.. One compromised security scanner poisoned a password manager.. Automatically.. No human involved.. In May.. They hit TanStack.. Libraries downloaded millions of times per week.. 84 malicious package versions across 42 packages.. 
And here's the terrifying part.. The malware scraped the raw memory of GitHub's build servers.. Extracted authentication tokens.. Used those tokens to bypass two-factor authentication.. And then published the infected packages with completely valid cryptographic signatures.. Every security verification tool on earth said the packages were legitimate.. Because they were signed by the real pipeline.. Using real keys.. The attackers just happened to be inside the pipeline when it signed.. They defeated the entire trust model of modern software supply chains.. The same week they hit the Nx Console VS Code extension.. 2.2 million installations.. The malware specifically targeted Claude Code configurations.. Hunting for AI assistant credentials.. That's a first.. Supply chain malware designed to steal your AI's access keys.. Then on May 19.. They revealed the GitHub breach.. 4,000 internal repositories.. Listed for sale at $50,000.. With a warning.. "If nobody buys it.. We leak everything for free".. Their malware is self-propagating.. Once it infects one package.. It automatically finds every other package that developer maintains.. Steals the publish tokens.. And infects all of them.. Then those packages infect the next developer.. And the next.. It jumps between npm and PyPI automatically.. The group doesn't even do the extortion themselves.. They sell stolen credentials to ransomware gangs.. One gang used TeamPCP's data to threaten Cisco with leaking FBI and NASA personnel records.. And the scariest part of all.. They didn't break any encryption.. They didn't find any zero-days.. They exploited the fact that the entire software industry blindly trusts its own build tools.. Every security scanner.. Every Docker image.. Every VS Code extension.. Every GitHub Action.. Is a potential weapon if someone poisons it upstream.. And right now.. Nobody can tell the difference between a legitimate build and a compromised one.. 
Because the compromised ones have valid signatures too.
GitHub @github

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

joker.icp retweeted
Rabbithole.app ∞ @rabbithole_ic
After a long pause, Rabbithole is back. Our 2023 encrypted storage prototype for ICP led us to completely rethink the architecture and UX. Over the last year we redesigned the project from scratch. Docs are now public: docs.rabbithole.app More updates soon.
Dao King @DaoKingdom
Should we have sold when $ICP pushed over $4 recently? A lot of people are upset they didn’t take profits. I didn’t sell a single token because honestly… $4 feels like nothing compared to where I think ICP could be in the next 6 months. Curious what everyone else is thinking here? 👀
joker.icp @let4be
@naiivememe inflation gonna dilute those weekly payments quickly hah
naiive @naiivememe
did she make the right choice?
joker.icp retweeted
Richie @richiemcilroy
"Is that code AI generated? If it’s AI generated I don’t want it"
joker.icp @let4be
@alt_Lok @skdh kind of wonder the same... space is boundlessly vast and energy dissipates quickly; same goes for space travel, distances are too mind-boggling
not_Lok @alt_Lok
@skdh Maybe we are not transmitting ourselves anything that can be picked up.
Sabine Hossenfelder
Astrophysicists have a new, and slightly terrifying, explanation for the Fermi paradox, or the question of why we have found no evidence of intelligent extraterrestrial life.
joker.icp retweeted
Copper Alien @DHemingway_ICP
I built the $ICP Divorce Index calculator. May 2021 top buyers: -99.6% from ATH; 45–70% marital liquidation risk; ~40% divorced/separated/financially supervised. Satire. Not financial or relationship advice.
joker.icp retweeted
Het Mehta @hetmehtaa
Every 3rd website you visit runs Nginx. 18,959,833 of them can be hijacked right now. A bug from 2008 just got a working exploit. CVE-2026-42945 (CVSS 9.2) No login. No access. Just one HTTP request. → Heap overflow → Worker process → RCE Patch ASAP to Nginx 1.31.0 or 1.30.1 PoC is already out: github.com/DepthFirstDisc…
joker.icp retweeted
Python Developer @PythonDvz
🤣🤣🤣
bitcoinr3negade @bitcoinr3negade
🛑 Industry leaders have constantly suppressed #ICP. From FTX to CoinMarketCap and now Coinbase, where will it stop 🛑
Musk.ICP #BTC#SOL#ICP @Icpmusk
The worst decision I made in my life was to invest in ICP
PHASMA @phasmafuture
Hey $PHASMA DAO 🚨 Proposal 201 is live: Emergency token mint proposed to recover the drained treasury and restore the DAO’s operational balance. A critical step to stabilize the system. Details: ic-toolkit.app/sns-management…