Sabitlenmiş Tweet
bern 🦉
2K posts
bern 🦉
@vibern0
i build things at @gnosis_. nice and useful things for people
Earth Katılım Mayıs 2017
180 Takip Edilen497 Takipçiler
bern 🦉 retweetledi
‼️🚨 This is wild. OpenAI just confirmed it got hit in the TanStack npm supply chain attack, and the attackers were close to being able to ship malicious code inside official OpenAI software, signed and trusted, if their incident response had not caught it in time.
The campaign is the work of TeamPCP, the same crew running the Mini Shai-Hulud wave.
Two employee devices in OpenAI's corporate environment were compromised through the malicious TanStack packages.
The attackers used that foothold to reach a limited subset of internal source code repositories.
OpenAI says only "limited credential material" was successfully exfiltrated, with no customer data, production systems, intellectual property or deployed software impacted.
Here is the part that should grab your attention.
OpenAI is rotating its code-signing certificates and forcing every macOS user to update their OpenAI apps.
You do not rotate signing certs for "limited credential material."
You rotate signing certs when the attacker was close enough to signing malicious binaries as OpenAI.
The "we contained it in time" framing is doing serious heavy lifting here.
For wider context, the same TeamPCP wave also hit Mistral AI, UiPath, Guardrails AI, OpenSearch and SAP npm packages. The TanStack compromise is tracked as CVE-2026-45321 at CVSS 9.6, and Mistral AI source code is already being advertised for sale by the group.
English
@claudiashandi @stats_feed Não desfazendo que, há cuidados extras a ter que por cá não temos.
Português
@claudiashandi @stats_feed Posso dizer por experiência, o Brasil não é tão mau quanto o pintam, especialmente quem nunca lá foi. Já fui 2 vezes, ambas as vezes passei mais de um mês. Caminho na rua como eles. Calção, chinelo. Sei que é diferente ser mulher. Mas os brasileiros são incríveis.
Português
🇪🇸🇧🇷 Tenerife gets more tourists than Brazil despite being 0.02% of its size.
English
@joaointech ahahah muito bom. Tenho pensado em começar a fazer isto, mas sem a parte do tiktok. Completamente apoiado 💪
Português
O preço das casas em Portugal está tão absurdo que comecei a fazer vídeos no TikTok a mandar propostas ridículas para imóveis no OLX.
Nos últimos 6 dias:
- 100.000+ visualizações / dia
- centenas de agentes imobiliários irritados
- e descobri que 99% do país também acha que os preços estão absurdos.
Criei uma plataforma onde automatizamos propostas agressivas para imóveis completamente fora da realidade, e notificamos toda a gente quando alguém aceita uma.
irrealista.pt
Registem o vosso email para receberem uma notificação quando alguém aceitar uma proposta.
Português
bern 🦉 retweetledi
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral.
373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more.
The malware propagates by stealing your CI credentials and using them to publish new compromised versions.
Full IOCs, affected package list, and detection steps: aikido.dev/blog/mini-shai…
Aikido Security@AikidoSecurity
🚨 Update: @mistralai npm packages are now confirmed compromised as part of the ongoing Mini Shai Hulud attack. Affected versions: @mistralai/mistralai 2.2.2, 2.2.3, 2.2.4@mistralai/mistralai-azure 1.7.1, 1.7.2, 1.7.3@mistralai/mistralai-gcp 1.7.1, 1.7.2, 1.7.3If you use the Mistral SDK in any CI pipeline, treat your environment as compromised. Rotate npm tokens, GitHub PATs, and cloud credentials immediately.
English
bern 🦉 retweetledi
Easier way to protect yourself (if you are not infected yet) is to set a minimum release age in your package manager.
For @npmjs:
`npm config set min-release-age=2d`
For @pnpmjs:
`pnpm config set minimumReleaseAge 2880`
For @bunjavascript:
```
# In bunfig.toml
[install]
minimumReleaseAge = 172800
```
For Yarn:
`yarn config set npmMinimalAgeGate "48h"`
International Cyber Digest@IntCyberDigest
‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.
English
@psilvapereira92 @sionmatic 60 70 houve muita construção de apartamentos pequenos. Vejo muitos aqui no Porto/Gaia. 2000's eram na maioria maiores. Agora está a voltar-se ao mais pequeno novamente e sempre que são áreas amplas são considerados "luxo". Mas 100m2 não encaixa. Luxo (que vejo) é t3 >160m2
Português
@sionmatic Eu até me vou tentar informar com malta que conheço que vive cá em Barcelos nos “bairros”, (o de Chicago, a Quinta do Aparício, 1 de maio, etc) se os prédios lá (que devem ser da década de 70/80) têm t3 com essas configurações. Porque confesso que desconhecia
Português
Eu se calhar estou a viver no Mónaco e nem sabia.
475k por um T3 em Barcelos ?
Com 137m2 de área bruta ? Ou seja, desconta se as varandas e a garagem e sobra o quê ? Um quarto de hóspedes onde se dorme de pé ?
Crazy
Português
🌡️ Update: 100% sleep score with bathroom fan on to keep CO2 low
It sucks CO2 out of the room and creates a low pressure field that brings in new fresh air from outside the room
Last time 100% sleep was in an Airbnb in Brazil we stayed which was a house built in 1970s mostly wood and very breathable, but our house is modern and very insulated
So it seems it worked to improve our sleep
Science supports this: high CO2 levels above 1500 cause fragmented sleep, more brief awakenings, less deep sleep and worse REM
Also CO2 levels are a proxy for other air contaminants which build up in a closed bedroom so keeping it low is good
We can go lower to 400-500 ppm with a real bedroom fan/vent but again this is a good start
So if you're having sleep problems, check your CO2 levels
@levelsio@levelsio
🌡️ Update on the CO2 bedroom saga I tried this tip by @jesper_bee We have a bathroom in the bedroom with a vent (for removing humidity after showering), so I kept the door open and vent on Anyway it worked CO2 at night peaked at 850ppm, still a bit high but almost half of before with window closed, improvement Sleep was 95% on WHOOP and gf 91% on OURA (inb4 cancelled for tracking things *omg so neurotic*) Will try window open + bathroom vent open tonight but again sound outside at night is an issue The real solution is an inward vent tube to actual bedroom though, as I think the bathroom vent is outward and doesn't get us to 400ppm CO2 by itself Nice fresh air 💨
English
bern 🦉 retweetledi
Estamos a reabilitar 300 m² de património ancestral para criar o primeiro ecossistema de coworking rural 100% autónomo em Portugal.
#novosrurais #bitcoinvillage #bitcoin #portugal
Português
bern 🦉 retweetledi
Ontem ouvi numa televisão portuguesa que se vendem 80 mil embalagens de anti-depressivos e anti-psicóticos por dia em Portugal.
Os cálculos:
"80 000 embalagens/diaPor mês: 80 000 × 30 = 2 400 000 embalagens
Por ano: 80 000 × 365 ≈ 29 200 000 embalagens
Estimativa de pessoas medicadas (assumindo consumo regular):1 embalagem por pessoa/mês → ≈ 2,4 milhões de pessoas
1,2 embalagens por pessoa/mês → ≈ 2,0 milhões de pessoas
1,5 embalagens por pessoa/mês → ≈ 1,6 milhões de pessoas
Intervalo mais provável: 1,8 a 2,4 milhões de pessoas medicadas regularmente."
Isto é muita gente em sofrimento.
Foi para isto que se fez o 25 de Abril?
De seguida um médico foi entrevistado. Não é que o sacana afirmou que esse nível de medicação era um factor positivo de saúde pública? Que significava que mais pessoas se tratavam.
Uma loucura.
Português
bern 🦉 retweetledi
We've been building ZK infra at @HerodotusDev for 4 years. storage proofs, cross-chain verification, trust-minimized everything.
the Aave exploit broke my brain a little, not because it was sophisticated because the signs were right there and nobody had a way to catch them systematically.
So we vibecoded a thing. introducing Risklayer ↓
English
In 2020, four economists studied 2.7M US founders.
Top 0.1% by growth: average age 45.
A 50-year-old is nearly 2x more likely to build a runaway than a 30-year-old. Early 20s finished last.
The 20-something genius founder is a magazine story. You're still early.
English
@Marczeller @Timccopeland good old times
but I also don't live in Lisbon anymore
English
@Timccopeland Already did it for you launched the block cafe in Lisbon in 2017 and we went bankrupt during covid.
English
with crypto dead i'd love to just set up a coffee shop and chill out for a while
but IRL businesses make zero financial sense so it's a forever gone dream
Sonny@rawespresso
You walked through your old high street last week. Wilko's gone. WHSmith is gone. There's a row of vape shops on one street. A few more are Turkish barbers. There's a kebab shop where the Argos used to be. Half the units have 'TO LET' in the window. The town centre your parents grew up in doesn't exist anymore.
English
yesterday i had a question:
have i reached the half point of my life?
so i quickly built a calculator to figure it out
check your answer too, if you're curious
English
@jesse_vermeulen Throw another Claude request or check the other requests running 🫣
English
