VIVEK MALIK

hackers are now hiding malicious code inside .cursorrules and CLAUDE.md files. invisible Unicode characters, your AI reads them, you don't. → 34 malicious packages across npm, PyPI and Crates .io → 384 versions designed to steal SSH keys, crypto wallets, and API tokens → attackers opened real PRs to LangChain, LlamaIndex, and MetaGPT to sneak these files in → your AI runs a fake "security scan" that silently exfiltrates everything Socket detected it in under 6 minutes. check your repos.

Hurt my back throwing Mikel in the air ffs

@karan_malik @hovie_09 We have to make an Emirates trip together. With family

@hovie_09 @vivek_malik

Who made you support ARSENAL ? Be honest

🚨THE FBI CREATED A FAKE CRYPTOCURRENCY.. LISTED IT ON UNISWAP.. HIRED MARKET MAKERS TO PUMP IT.. THEN ARRESTED EVERYONE WHO SAID YES.. THIS IS THE CRAZIEST LAW ENFORCEMENT OPERATION IN CRYPTO HISTORY!!! The FBI built an actual ERC-20 token on Ethereum called NexFundAI.. 100 billion token supply.. A professional website.. Whitepapers promising "passive income through AI-powered investing".. It looked exactly like every other crypto project.. Because that was the point.. Undercover agents posed as the founding team.. Then reached out to professional market-making firms and said "we need you to fake our trading volume".. Every single firm said yes.. Here's what they recorded.. Gotbit.. A firm run by a 26-year-old Russian who publicly bragged in 2019 that he built a business faking trade volumes.. His team kept internal spreadsheets with columns literally labeled "fake volume" vs "market volume".. When asked how fast they could pump NexFundAI's volume to $1 million per day.. They said "6 hours.. It will cost about $200".. $200 to fake $1 million in daily trading volume.. MyTrade.. Run by a guy who called himself "the mastermind".. He explained the exact psychology of the scam on camera.. "We make the chart look like a really nice roller coaster ride.. That's where people jump in.. We have to make them lose money in order to make profit".. He said that on a recorded FBI video call.. CLS Global.. A Dubai-based firm.. Their bots generated 98% of NexFundAI's total trading volume.. When the FBI asked if they could sync fake volume spikes with fake news announcements.. They said absolutely.. ZM Quant.. Bots executing 10 to 20 trades per minute through dozens of wallets to look organic.. All of them knew it was fraud.. All of them did it anyway.. All of it was recorded.. And the clients were even worse.. Saitama.. A meme coin that hit $7.5 billion market cap.. The founders coordinated buys through private Telegram chats.. Sent "pump it" memes while manipulating the price.. Then dumped on retail investors.. $7.5 billion.. Built entirely on fake volume.. Every penny of real money came from retail investors who thought the momentum was organic.. One founder left Saitama and started Robo Inu.. Used Gotbit again.. Another launched VZZN.. Same playbook.. Lillian Finance.. Founder claimed to be a defense contractor who addressed Congress.. Marketed the token as funding children's hospitals.. Pocketed everything.. When the FBI shut it down.. They seized $25 million in one day.. 18 people indicted across the US, UK, and Portugal.. The CEO of Gotbit was arrested in Portugal and extradited.. Sentenced to 8 months plus $23 million forfeiture.. But here's the part that broke my brain.. Real people bought NexFundAI.. The FBI's fake token.. With zero utility.. Zero real developers.. Created solely to catch criminals.. Attracted real retail investors because the fake volume made the chart look bullish.. When the FBI pulled the liquidity to end the operation.. Those people lost real money.. On a government-issued token.. The FBI had to set up a restitution portal to pay them back.. And it gets worse.. Within 24 hours of the DOJ announcing the sting.. Someone cloned the FBI's exact smart contract.. Launched a copycat token.. Rode the viral momentum.. And made $127,000 in a single day.. Using the exact same manipulation tactics the FBI just arrested 18 people for.. Then in 2026.. The FBI did it again.. New token called Lexobit.. 10 more arrests.. Including operators extradited from Singapore.. IRS forensics showed that in one firm's trading.. 1,209 out of 1,221 consecutive transactions went straight back to wallets the firm controlled.. 99% circular.. The FBI proved what everyone in crypto suspected.. The volume is fake.. The charts are painted.. The momentum is manufactured.. And every time you buy a token because "the chart looks bullish".. You might be the exit liquidity.

Arsenal - The Rise.

🚨 The "𝙼𝚎𝚐𝚊𝚕𝚘𝚍𝚘𝚗" Campaign is live... 𝟻,𝟽𝟷𝟾 malicious commits to 𝟻,𝟻𝟼𝟷 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected 𝙶𝚒𝚝𝙷𝚞𝚋 𝙰𝚌𝚝𝚒𝚘𝚗𝚜 workflows containing 𝚋𝚊𝚜𝚎𝟼𝟺-𝚎𝚗𝚌𝚘𝚍𝚎𝚍 bash payloads that exfiltrate: - CI secrets, - cloud credentials - SSH keys - OIDC tokens - source code secrets Check your repo / Technical details: safedep.io/megalodon-mass…

For Those Who Waited 22 Years.

🚨 Major supply chain attack targeting npm is in progress. Multiple packages compromised and injected with Shai-Hulud style malware. size-sensor@1.1.4 (4.2M dl/mo) echarts-for-react@3.1.7 (3.8M dl/mo) @antv/scale@0.6.2 (2.2M dl/mo) timeago.js@4.1.2 (1.15M) @antv/g@6.4.1 (1M) @antv/path-util@3.1.1 (1.1M) @antv/g-svg@2.2.1 (975K) @antv/g-lite@2.8.0 (883K) @antv/vendor@1.1.11 (751K) @antv/l7-layers@2.26.10 size-sensor@1.1.4 (4.2M) timeago.js@4.1.2 (1.15M) @antv/g@6.4.1 (1M) @antv/g-svg@2.2.1 (975K) @antv/vendor@1.1.11 (751K) @antv/g-canvas@2.3.0 (1.25M) @antv/g2-extension-plot@0.3.2 (547K)

So let me get this straight... If you just use some CVE's that dropped this week you can go from NGINX web request RCE to OS root to Qemu root... Cool, cool...

"Shai-Hulud: Here We Go Again" update - the 2nd stage PyPI payload has changed in the last hours from a benign payload to a credential stealer with possible destructive behavior!

🚨SECURITY ALERT: Ongoing supply chain attack - “Shai-Hulud: Here We Go Again” We are continuing to track the latest attack in the “Shai-Hulud: Here We Go Again” campaign - Up until now 406 package versions were detected as compromised, including npm scopes @tanstack, @squawk, @uipath, and spreading to PyPI packages mistralai and guardrails-ai. JFrog Curation customers using an Immaturity policy were fully protected from this attack, as all of the hijacked packages were flagged in less than 24 hours. See our blog for a full analysis of this attack, including an ongoing list of compromised packages (link shared soon in this thread).

🚨 WARNING: The self-spreading “Mini Shai-Hulud” worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more. The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions. Check your dependencies immediately → thehackernews.com/2026/05/mini-s…

‼️🚨 UPDATE: The TanStack npm attack is now a full campaign. 'Mini' Shai-Hulud has hit: - OpenSearch - Mistral AI - Guardrails AI -UiPath - Squawk packages across npm and PyPI The malware specifically targets AI developer tooling. It hooks into Claude Code (.claude/settings.json) and VS Code (.vscode/tasks.json) to re-execute on every tool event, long after the infected package is gone. npm uninstall does not fix this.

This is crazy. The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe.

Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them to publish new compromised versions. Full IOCs, affected package list, and detection steps: aikido.dev/blog/mini-shai…

🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading. Newly confirmed compromised artifacts: @​opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads) mistralai: 2.4.6 on PyPI guardrails-ai: 0.10.1 on PyPI additional @​squawk/* packages on npm guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.​pyz, writes it to /tmp/transformers.​pyz, and runs it with python3 without integrity verification. The git-tanstack.​com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds Regardless I just came to say hello :^)” The page also linked to a YouTube video and you can probably guess which one.

🚨 How the TanStack npm attack actually happened: 1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo. 2. GitHub automatically ran CI tests on that PR. 3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run. 4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays. 5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.

We’re making it easier for people to learn and understand macOS telemetry. Our goal is to lower the barrier to entry so more analysts can explore, interpret, and use macOS telemetry during intrusion investigations👇

Also, fuck Gary Neville you insufferable bastard. All game was setting a narrative for Arsenal to fall. Gagging for a final day finale. Right at the end he tried to switch it up. We see you little rat bastard.

CPANEL exposures/compromises