Dimitris Moutsatsos

Apparently Claude dangerous-to-release Mythos is available via Amazon Bedrock. Anthropic is mastering marketing 😁

Türkiye is making its new Istanbul financial center tax-free to attract investors fleeing from Gulf countries.

Am I stoned right now? I must be stoned.

"We will always choose each other." Mission control has reacquired signal with the Artemis II crew after the mission’s planned loss of signal. Our astronauts are once again using the Deep Space Network to keep conversation and science data flowing between space and Earth.

The greatest free advert in history

Italy has declared that Netflix's recent price hikes from 2017 to 2024 were illegal and enacted without proper warning for customers. Netflix not only has to reduce its price in Italy, but pay customers back every cent they overpaid.

You have: - Datadog - Grafana - Prometheus - Jaeger - PagerDuty - Sentry - CloudWatch - Splunk You still found out about the production incident from a customer tweet. You do not have an observability problem. You have a signal-to-noise problem.

Tonight’s operation in Southern Iran which resulted in the successful rescue of a Weapons System Officer (WSO) onboard an American F-15E Strike Eagle downed Friday over Iran, involved hundreds of special forces troops and other military personnel, including members of the U.S. Navy’s SEAL Team Six, dozens of fighter and strike aircraft, helicopters, and cyber, space and other intelligence capabilities, officials tell The New York Times. Senior military officials described the mission to rescue the airman as “one of the most challenging and complex in the history of U.S. Special Operations” given the mountainous terrain, the airman’s injuries and Iranian forces rushing to the location in the mountains of Southern Iran. The WSO evaded Iranian forces for more than 24 hours, at one point hiking up a 7,000ft ridgeline, a senior U.S. military official said. U.S. attack aircraft dropped bombs and opened fire on Iranian convoys to keep them away from the area where the airman was hiding. As U.S. Special Forces converged on the downed airman, they fired their weapons to keep Iranian forces away from the rescue site, but did not engage in a firefight with the Iranians. In a final twist after the officer was rescued, two transport planes that would carry the commandos and the airmen to safety got stuck at a remote base in Iran. Commanders decided to fly in three new planes to extract all the U.S. military personnel and the airman, and they blew up the two disabled planes rather than have them fall into the hands of Iran’s Islamic Revolutionary Guard Corps (IRGC).

TOILET UPDATE: It is now available again. Following ~2 hours of pointing the vent at the sun, whatever was blocking it appears to have melted, and a waste dump was conducted. The crew can now dump the contents of their Contingency Urinals as required.

North Korean intelligence agents built an entire fake company to compromise one JavaScript developer. And it worked. UNC1069 didn't hack Axios. They befriended its maintainer. They cloned a real company founder's identity, built a branded Slack workspace with fake employee profiles and LinkedIn post channels, then scheduled a Microsoft Teams call with what appeared to be a full team. During the call, a fake error message said his system needed an update. He installed it. That update was the RAT. From one developer's laptop, they had everything: npm credentials, publishing access, the keys to a package installed in 80% of cloud environments. Axios gets 100 million downloads per week. The attackers published two poisoned versions at 12:21 AM UTC on a Sunday night, tagging both the latest and legacy branches within 39 minutes. The malicious dependency had been pre-staged 18 hours earlier with a clean decoy version to build registry history. Three separate RAT payloads were pre-built for macOS, Windows, and Linux. The malware self-deleted after execution to erase forensic evidence. The poisoned versions were live for about three hours before npm pulled them. Huntress observed 135 endpoints across all operating systems calling the attacker's command-and-control server during that window. Wiz found the malicious versions in roughly 3% of environments scanned. Every affected machine needs full credential rotation: npm tokens, AWS keys, SSH keys, CI/CD secrets, everything in .env files. The part that keeps getting worse: this isn't isolated. The same threat cluster compromised Trivy (a security scanner), KICS, LiteLLM, and multiple GitHub Actions in the two weeks before Axios. Google estimates hundreds of thousands of stolen secrets are now circulating from these combined attacks. The maintainer had 2FA enabled. He said himself: "I have 2FA/MFA on practically everything." The exact method of token compromise is still undetermined. One person. One fake Teams call. 100 million weekly downloads weaponized in under three hours. The npm ecosystem runs on mass trust in individual maintainers who volunteer their time, and North Korean intelligence now has a repeatable playbook for turning that trust into a delivery mechanism.