shavit 🌸

♡

the fact you can wear a smart watch and it detects sickness ahead of time is crazy

More details about the attack - research.jfrog.com/post/axios-com… Despite the sophisticated cross-platform design, the threat actors made several errors in their malicious payload. The Linux-specific payload injection was actually broken.

ehh

what was your ranked maps loadout on your signup date? here's mine ranked=YYYY-MM-DD

@egeblc thanks for the corrections! (and my apologies for the misattribution) could you share hashes for newer samples you've found?

@shavitush I've been following this campaign for nearly 3 months, the newer samples have better evasion and anti-sandbox tricks.

New analysis: The MawaStealer actor from September is back, now abusing DLL sideloading via VLC to deliver Vidar Stealer v2. Similarly to before, it delivers via an anime torrent platform, disguising itself as highly-anticipated episodes. Full breakdown: gist.github.com/shavitush/9ae9…

@Pirat_Nation clickbait. the examples provided are vs wineserver sync, not vs esync/fsync, which are what people who actually game on linux have been using for years before ntsync

Wine 11 rewrites how Linux runs Windows games at the kernel level, and the speed gains are massive. NTSYNC support uses a new Linux kernel module to handle Windows-style thread synchronization directly at the kernel level. Notable benchmark gains (compared to basic upstream Wine without prior optimizations): - Dirt 3: around 110 FPS to over 860 FPS - Tiny Tina's Wonderlands: 130 FPS to 360 FPS - Resident Evil 2: 26 FPS to 77 FPS - Call of Juarez: around 100 FPS to 224 FPS

i don't know what i expected but it's 10x worse now than it was back when i posted this

@damster101 @YUUPHOBlC what "problem"? makeup being used to hide imperfections and enhance appearance? nothing stops you from doing it yourself and looking more presentable

@YUUPHOBlC doesn't solve the "problem" at all, though

when will men realize they can also wear makeup

@geminicli i find it hard to believe people unironically pay for this. bad ux regardless of terminal, even worse in containers/over ssh. and the models use the bash tool for everything. average session in gemini-cli ends with a bunch temp .py scripts to perform string replacement in files

@krejsavojtech21 are you 100% sure? it even matches up with their v2 changelog (other than the lack of obfuscation, as OLLVM wasn't ran on the sample): github.com/g0njxa/VidarSt…

@shavitush The final payload is not Vidar

@sagitz_ you've almost convinced me to leave malware research in favor of ai-slopping my way into the vulns world...

Claude just found a 0-day lol

@vxunderground not sure why i'm even touching obfuscated js during a weekend, but pretty much this entire thing is webpack bloat lol

There are people out there who unironically like deobfuscating stuff like this (see attached link). Imagine that level of schizophrenia. Imagine waking up and enjoying pain and suffering. raw.githubusercontent.com/Linux123123/fi…

When I shared that obfuscated Javascript payload that was targeting Grand Theft Auto V FiveM stuff, I had like 6 nerds pop out the bushes telling me how much they enjoy working with obfuscated payloads (Javascript, Lua, Powershell, etc). WHO ARE YOU PEOPLE? WHO HURT YOU?

@Tyl0us blazing fast and panic-free malware!

Did someone say C2 written in Rust 😉

@CCpromptChanges "auto updates for plugins" - ah yes, ai slop supply chain attacks. my favorite

Claude Code CLI 2.0.70 changelog: • Added Enter key to accept and submit prompt suggestions immediately (tab still accepts for editing) • Added wildcard syntax `mcp__server__*` for MCP tool permissions to allow or deny all tools from a server • Added auto-update toggle for plugin marketplaces, allowing per-marketplace control over automatic updates • Added `plan_mode_required` spawn parameter for teammates to require plan approval before implementing changes • Added `current_usage` field to status line input, enabling accurate context window percentage calculations • Fixed input being cleared when processing queued commands while the user was typing • Fixed prompt suggestions replacing typed input when pressing Tab • Fixed diff view not updating when terminal is resized • Improved memory usage by 3x for large conversations • Improved resolution of stats screenshots copied to clipboard (Ctrl+S) for crisper images • Removed # shortcut for quick memory entry (tell Claude to edit your CLAUDE.md instead) • Fix thinking mode toggle in /config not persisting correctly • Improve UI for file creation permission dialog Source: #2070" target="_blank" rel="nofollow noopener">github.com/anthropics/cla…

Anthropic just released Claude Code 2.0.70 13 CLI changes, details below.

@0DG_Gh05t5h311 @lauriewired YARA..

github.com/ZeroDayGang-gh… Huge shout out to @lauriewired , I know I’ve never met you personally but your content got me so fired up about C++, this update I would like to dedicate to you . ✌️

@_mohansolo @lukecodez package it as flatpak and put it up on flathub

@lukecodez How can we be better?

Worse IDE ever made

@bazzite_gg ublue rocks 💜 i used to rock bazzite for desktop and am on aurora now. you guys are doing incredible work, keep it up

Suffering from success

@idanbidani @JFrogSecurity if you're using JFrog Curation, the attack shouldn't have affected you; unless your policy was configured to be extremely permissive (which is what JFrog explicitly recommends against). there's IOCs in the blog post regardless

@JFrogSecurity research.jfrog.com/post/shai-hulu… thanks for the info. As Jfrog customer I'd appreciate an opinionated suggestions how to mitigate these attacks and a way to quickly find if these binaries were downloaded/cached

The JFrog security research team has identified what seems to be a new wave of the Shai Hulud supply-chain abuse in the npm ecosystem. Our team is actively monitoring the npm repository to detect more packages as the surge continues. In addition to the 459 publicly identified packages, the JFrog research team identified the following 181 packages that are also compromised: @accordproject/concerto-linter @accordproject/concerto-linter-default-ruleset @accordproject/concerto-metamodel @accordproject/concerto-types @accordproject/template-engine @alaan/s2s-auth @antstackio/eslint-config-antstack @antstackio/express-graphql-proxy @antstackio/graphql-body-parser @antstackio/json-to-graphql @antstackio/shelbysam @clausehq/flows-step-httprequest @clausehq/flows-step-mqtt @clausehq/flows-step-taskscreateurl @commute/market-data-chartjs @dev-blinq/blinqioclient @dev-blinq/cucumber-js @dev-blinq/ui-systems @everreal/react-charts @everreal/validate-esmoduleinterop-imports @faq-component/core @faq-component/react @fishingbooker/react-loader @fishingbooker/react-pagination @fishingbooker/react-raty @hover-design/core @hover-design/react @ifings/metatron3 @lessondesk/electron-group-api-client @lessondesk/material-icons @lessondesk/react-table-context @mparpaillon/page @ntnx/passport-wso2 @ntnx/t @osmanekrem/bmad @pradhumngautam/common-app @pruthvi21/use-debounce @relyt/claude-context-core @relyt/claude-context-mcp @relyt/mcp-server-relytone @seezo/sdr-mcp-server @sme-ui/aoma-vevasound-metadata-lib @suraj_h/medium-common @trpc-rate-limiter/cloudflare @trpc-rate-limiter/hono @varsityvibe/utils @voiceflow/alexa-types @voiceflow/anthropic @voiceflow/api-sdk @voiceflow/backend-utils @voiceflow/base-types @voiceflow/body-parser @voiceflow/chat-types @voiceflow/circleci-config-sdk-orb-import @voiceflow/commitlint-config @voiceflow/common @voiceflow/default-prompt-wrappers @voiceflow/dependency-cruiser-config @voiceflow/dtos-interact @voiceflow/encryption @voiceflow/eslint-config @voiceflow/eslint-plugin @voiceflow/exception @voiceflow/fetch @voiceflow/general-types @voiceflow/git-branch-check @voiceflow/google-dfes-types @voiceflow/google-types @voiceflow/husky-config @voiceflow/logger @voiceflow/metrics @voiceflow/natural-language-commander @voiceflow/nestjs-common @voiceflow/nestjs-mongodb @voiceflow/nestjs-rate-limit @voiceflow/nestjs-redis @voiceflow/nestjs-timeout @voiceflow/npm-package-json-lint-config @voiceflow/openai @voiceflow/pino @voiceflow/pino-pretty @voiceflow/prettier-config @voiceflow/react-chat @voiceflow/runtime @voiceflow/runtime-client-js @voiceflow/sdk-runtime @voiceflow/secrets-provider @voiceflow/semantic-release-config @voiceflow/serverless-plugin-typescript @voiceflow/slate-serializer @voiceflow/stitches-react @voiceflow/storybook-config @voiceflow/stylelint-config @voiceflow/test-common @voiceflow/tsconfig @voiceflow/tsconfig-paths @voiceflow/utils-designer @voiceflow/verror @voiceflow/vite-config @voiceflow/vitest-config @voiceflow/voice-types @voiceflow/voiceflow-types @voiceflow/widget 02-echo ai-crowl-shield arc-cli-fc automation_model benmostyn-frame-print bidirectional-adapter blob-to-base64 colors-regex composite-reducer css-dedoupe dashboard-empty-state dialogflow-es docusaurus-plugin-vanilla-extract dont-go email-deliverability-tester eslint-config-nitpicky expressos fat-fingered firestore-search-engine generator-meteor-stock generator-ng-itobuz gulp-inject-envs hover-design-prototype httpness hyper-fullfacing itobuz-angular-button jsonsurge kwami lang-codes mod10-check-digit n8n-nodes-vercel-ai-sdk n8n-nodes-viral-app next-simple-google-analytics next-styled-nprogress ngx-useful-swiper-prosenjit ngx-wooapi normal-store orchestrix package-tester pdf-annotation pkg-readme prime-one-table prompt-eng prompt-eng-server puny-req ra-auth-firebase react-favic react-hook-form-persist react-linear-loader react-micromodal.js react-native-google-maps-directions react-native-modest-checkbox react-native-modest-storage samesame selenium-session selenium-session-client shelf-jwt-sessions solomon-api-stories solomon-v3-stories solomon-v3-ui-wrapper south-african-id-info stat-fns super-commit svelte-toasty tanstack-shadcn-table tcsp tcsp-test-vd template-lib template-micro-service tiaan typefence upload-to-play-store use-unsaved-changes valid-south-african-id vf-oss-template web-scraper-mcp wellness-expert-ng-gallery zuper-stream For a full list of packages and remediation, see our technical blog post (link in comments)