Thomas Dang

5K posts


@ThomasDangAB

Recovering politician. InfoSec Architect. Once introduced as 'the hackerman.' DEF CON 31 Speaker. He/him. https://t.co/VEFRCvmlmv

Whitehorse, Yukon · Joined February 2014
816 Following · 5.8K Followers

Thomas Dang retweeted
Feross @feross
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.

The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware.

axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

Thomas Dang @ThomasDangAB
Geneviève Bergeron, Hélène Colgan, Nathalie Croteau, Barbara Daigneault, Anne-Marie Edward, Maud Haviernick, Maryse Laganière, Maryse Leclair, Anne-Marie Lemay, Sonia Pelletier, Michèle Richard, Annie St-Arneault, Annie Turcotte, and Barbara Klucznik-Widajewicz. Never forget.

Accomplisheddog @accomplisheddog
@TheBreakdownAB Anyone remember when Thomas Dang hacked Covid-19 vaccination records using Kenney’s data? And the consequences that he faced and accepted. Will there be similar accountability by the UCP for Nally accessing private info?

Thomas Dang retweeted
BleepingComputer @BleepinComputer
Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. bleepingcomputer.com/news/microsoft…

Thomas Dang retweeted
Michael Bargury @mbrg0
we got an ~RCE on M365 Copilot by sending an email

by ~RCE I mean full remote control over
its actions - search for sensitive content (sharepoint, email, calendar, teams), execute plugins
and outputs - bypass DLP controls, manipulate references, social engineer its users on our behalf

#BHUSA #DEFCON @tamirishaysh

Thomas Dang retweeted
Tourism Jasper @TourismJasper
(1/3) Maybe the right words will come eventually. Maybe once the dust settles, and the rain falls, and we have an accurate assessment of the damage, maybe then we’ll be able to fully express our sadness about Jasper’s recent tragedy and our gratitude to the heroes who’ve been

Thomas Dang @ThomasDangAB
As someone who spent many summers as a kid - and as an adult explored much of the back country, there are no words to describe this. My heart goes out to everyone impacted. Thank you to the first responders that still work tirelessly to save as much as they can. #MyJasper

Thomas Dang @ThomasDangAB
Hung out with old friends at the Rachel Notley Memorial Gala last night! Reports of her death have been greatly exaggerated... Thank you @RachelNotley for the amazing work you've done for our movement and our party. Alberta is better because of you. #ableg #yyc #abndp #ndp

Thomas Dang retweeted
Florian Roth ⚡️ @cyb3rops
Repeat after me: Patching an already compromised system won’t solve the problem #PaloAlto

Thomas Dang @ThomasDangAB
#YEG theatre friends - if you are looking for an amazing show with a cast who is clearly acting their hearts out - check out Theatre Yes and their show The Pillowman. The space and show just work. You'll be glad. #theatre theatreyes.com/theatre-yes

Thomas Dang @ThomasDangAB
@ihackedwhat @Gizmodo Not only are other devices purpose built for this (pineapple etc.), but even just going after Tesla in this case feels like click bait. Phishing with MFA capture is nothing new and would work for various manufacturers such as GM or BMW who are using apps to control vehicles.

Render Man @ihackedwhat
Hey @Gizmodo, you're not helping. There are far easier ways to set up a fake captive portal. The use of a F0 is irrelevant to the issue. You had to go with the clickbait headline didn't you. gizmodo.com/want-to-steal-…