Jay Townsend

3.3K posts

@jay_townsend1

System administrator, avid interest in info sec, python programming, core dev of discover,theHarverster, DNSrecon #ADHD sufferer

United Kingdom. Joined July 2016
261 Following, 438 Followers
Troy Hunt @troyhunt
Have I got any friends at @OpenAI that can help get our app submission for @haveibeenpwned through? After many hours of preparation, we're stuck on an endless loop of "This is a required field" without specifying the field, and they're all complete anyway 🤷‍♂️
JordanK @Real_JordanK
@TwitchSupport "Appeal Status Rejected" Are you kidding me @Twitch??? After 12 years on the platform and never receiving a violation I'm getting falsely flagged and thrown out? This is absolutely ridiculous...
JordanK @Real_JordanK
Been on the platform for 12 years now and have been full time for 4. Out of nowhere I get an email saying that my account has been indefinitely suspended with no reason why. Please fix this @TwitchSupport. I legitimately haven't done anything wrong.
Jay Townsend @jay_townsend1
But basically it takes a village to fix this is my point and everyone coming together to help is always going to be a big win on things like this, just coordination is the hard part
Jay Townsend @jay_townsend1
So my take on the whole supply chain malware chaos is that if registries could have a hook into something like @SocketSecurity that would be awesome, while also things like uv/pip/npm/bun/pnpm/yarn/cargo all having stronger defaults out of the box, and devs/orgs using things like Socket firewall and @step_security endpoint for supply chain issues as well. Combine that with my github.com/L1ghtn1ng/trac… and github.com/L1ghtn1ng/pack… and you will have a solid defense in depth approach on your dev systems. It then comes down to shoring up your CI/CD pipelines, which StepSecurity can help with. Note: package-checker is to check to make sure you have not already been compromised. Note 2: traceguard is only for Linux. #cybersecurity #sysadmin #blueteam #devops
Jay Townsend @jay_townsend1
@davis7 you know the whole "bash is not for AI" debate? Well, this shell might just be the ticket for it. Looks pretty slick; it would be interesting to see what you think of xon.sh from that point of view, but I can see this being useful in many other ways. It's not POSIX compatible, which makes sense in this case.
Socket @SocketSecurity
🚨 Supply chain attack on the Laravel Lang organization: 700+ historical versions across multiple community-maintained Laravel Lang packages were compromised with an RCE backdoor, including: laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, Laravel-Lang/actions. The payload targets cloud creds, CI/CD secrets, Kubernetes tokens, Vault, browser data, password managers, SSH keys, and more.
Rob Fuller @mubix
Have we seen malicious CLAUDE.md files or malicious AI skills yet? This feels like the new "don't copy and paste random command line or bash scripts from the internet".
Jay Townsend @jay_townsend1
@eastdakota @CloudflareHelp can someone please take a look at these tickets? One is nearly a month old with no updates and another one got opened the other day. It's causing some major issues. 02087298 and 02136751
Jay Townsend retweeted
StepSecurity @step_security
🚨 ACTIVE SUPPLY CHAIN ATTACK 🚨 The actions-cool/issues-helper GitHub Action is compromised. Every existing tag in the repo now points to an imposter commit that:
⬇️ Downloads the bun JS runtime
🧠 Reads Runner.Worker process memory to harvest CI/CD secrets in flight
📡 Exfiltrates credentials to t.m-kosche[.]com
Any workflow referencing this action by version will pull the malicious code on its next run. If you use it: stop immediately, pin to a known-good commit SHA from before the compromise, and rotate any secrets exposed to recent runs.
StepSecurity customers are already protected:
🛡 Real-time Threat Center alert with "Am I Affected?" links for every workflow and every runner that has talked to the IOC domain
🚫 Compromised Actions Policy blocks any run referencing this action before it executes
🌐 Harden-Runner Global Block List now blocks t.m-kosche[.]com automatically, even in audit mode, no config change required
🔍 Imposter Commit detection flags the exact signature of this attack
Full advisory and IOCs: stepsecurity.io/blog/actions-c…
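A defender's check for the remediation step in the post above (stop using the action, pin to a known-good commit SHA): an added Python example, not StepSecurity's or the page's own code, that scans a GitHub Actions workflow for references to actions-cool/issues-helper that are not pinned to a full 40-hex commit SHA, since any tag or branch can be re-pointed at an imposter commit. The sample workflow and the SHA in it are constructed placeholders; checking that a SHA actually predates the compromise is outside this snippet.

```python
import re

# Matches a `uses:` step line in a GitHub Actions workflow (constructed for this example).
USES_RE = re.compile(r'^[ \t]*-?[ \t]*uses:[ \t]*["\']?([^\s"\'#]+)', re.MULTILINE)
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def parse_uses(ref):
    """Split 'owner/repo[/path]@version' into (name, version); local and docker refs get version None."""
    if ref.startswith('./') or ref.startswith('docker://') or '@' not in ref:
        return ref, None
    name, _, version = ref.rpartition('@')
    return name, version


def is_sha_pinned(version):
    """Only a full 40-hex commit SHA is immutable; tags and branches can be re-pointed."""
    return version is not None and FULL_SHA_RE.match(version) is not None


def find_unpinned(workflow_text, action='actions-cool/issues-helper'):
    """Return (line_number, ref) for every use of `action` not pinned to a full commit SHA."""
    hits = []
    for m in USES_RE.finditer(workflow_text):
        ref = m.group(1)
        name, version = parse_uses(ref)
        owner_repo = '/'.join(name.split('/')[:2]).lower()  # ignore any sub-path after owner/repo
        if owner_repo == action.lower() and not is_sha_pinned(version):
            hits.append((workflow_text.count('\n', 0, m.start()) + 1, ref))
    return hits


# Constructed sample workflow; the 40-hex value is a placeholder, not a real known-good commit.
SAMPLE_WORKFLOW = """\
name: issues
on: [issues]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions-cool/issues-helper@v3
      - uses: "actions-cool/issues-helper@main"
      - uses: actions-cool/issues-helper@0123456789abcdef0123456789abcdef01234567  # placeholder
"""

if __name__ == '__main__':
    for line_no, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f'line {line_no}: {ref} is not pinned to a full commit SHA; pin to a known-good SHA')
```

Run it over each file under .github/workflows/ to list every mutable reference that would pull the next push to that tag or branch.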
Jay Townsend retweeted
Socket @SocketSecurity
🧊 Big release for #JavaScript supply chain security: @pnpmjs 11 now defaults to a 1-day Minimum Release Age, blocks exotic subdependencies, and adds a new Allow Builds model. A strong step toward reducing exposure to fast-moving npm attacks → socket.dev/blog/pnpm-11-a… #nodejs
Jay Townsend @jay_townsend1
@Carlos_Perez can you look at getting this setup for DNSrecon please? @laramies this for theHarvester as well
Feross @feross (quoted post):

Socket is free for open source maintainers. We're launching the @SocketSecurity for Open Source program -- any open source maintainer can get a free Team plan to protect their project from supply chain attacks. Open source is critical infrastructure. Millions of companies depend on packages maintained by small teams and volunteers. These maintainers are high-value targets but rarely have access to enterprise security tooling. That's wrong. We want to fix it. What you get: ✅ Full dependency scanning across your project ✅ Real-time alerts for malicious packages in your dependency tree ✅ Check every PR to make sure no malicious dependencies are added -- including PRs from outside contributors If you maintain an open source project, send an email to support[at]socket[dot]dev and we'll get you set up!

Jay Townsend @jay_townsend1
With everything going on in supply chain madness lately: the CLI @SocketSecurity software firewall tool, along with my traceguard program (Linux only) in block mode, if you just block everything outbound and then stick what you need in the allow list, should anything get past Socket's tool, should help control the blast radius. github.com/L1ghtn1ng/trac… #infosec #cybersecurity
Jay Townsend retweeted
Socket @SocketSecurity
We’re tracking 73 Open VSX sleeper extensions tied to the GlassWorm campaign, with at least 6 already activated to deliver malware. These cloned extensions initially appear benign, then later become malware delivery vehicles through normal updates. socket.dev/blog/73-open-v…
Jay Townsend retweeted
Bitwarden @Bitwarden
Bitwarden identified and contained a malicious package briefly distributed through the npm delivery path for the Bitwarden CLI in connection with the broader Checkmarx supply chain incident. No user vault data or production systems were compromised or at-risk. Additional details and updates are available here: community.bitwarden.com/t/bitwarden-st…