My therapist: Don't just do things on the 'puter, even if they are productive!!!

Me: But tummy hurt & I wanna know HOW Dashlane fucked up (re: https://discourse.ifin.network/t/some-dashlane-customer-password-vaults-exfiltrated/532 )

#ifin

Some Dashlane customer password vaults exfiltrated

“Fewer than 20” vaults were exfiltrated via MFA brute force, whatever that means. The vaults are still encrypted, assuming Dashlane’s encryption methods are sound. https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts?7194ef805fa2d04b0f7e8c9521f97343

IFIN

VS Code extensions: developers won't stop using them, but knowing the attendant risks and possible mitigations could save you from the next supply chain worm.

https://ifin-intel.org/blog/risky-vsx/

#ThreatIntel #ThreatIntelligence #IFIN

VS Code Extensions: Risks and Mitigations | IFIN

VS Code extensions are a favorite vector for credential stealers. Don't make it easy for them to use your tools against you.

I wrote a bit about some Linux tools I explored this last week and invite you to check it out.

https://discourse.ifin.network/t/the-linux-black-bag/519?u=rye

#linuxtools #linxperformance #linuxMonitoring #linux #ifin

The Linux Black Bag

Recently I’ve been exploring different flavors of Linux, some exceptionally small, some that just run entirely in memory, some that come only with the core packages. By far my favorite is Puppy Linux, with Tiny Core in second. That journey prompted me to explore some of my favorite technical documentation about systems engineering and observability by Brendan Gregg. This article is about the tools I installed after revisiting the BPF and Systems Performance books. When your system is experie...

IFIN

Well it's another week, so here's yet another NPM package compromise in the "Mini Shai-Hulud" family of compromises. This time, it's Red Hat cloud services.

Some interesting differences here, including 100% trusted site exfiltration, with Claude being the primary!

https://discourse.ifin.network/t/mini-shai-hulud-hits-red-hat-npm-packages/523

#ThreatIntel #ThreatIntelligence #IFIN

Mini Shai-Hulud Hits Red Hat NPM Packages

Last Updated: 2026-06-01T14:50:48Z (UTC)

What’s Happening

Yet another “Shai-Hulud” style NPM attack, this time against Red Hat cloud services packages. Socket has the full report. Affected packages have been unpublished, but it’s unclear if new packages have yet been issued, or the root cause of the compromise identified.

Actions

Review the listed packages and versions for compromise. Full package list here: https://socket.dev/supply-chain-attacks/red-hat-cloud-services-package-compromise ...

IFIN

IPs and domains are just the beginning of the IoC journey. Effective defense requires the distillation of atomic indicators to something more generally applicable. IFIN Staff Member Mike B walks us through the distillation process.

https://ifin-intel.org/blog/ioc-distillation/

#ThreatIntel #ThreatIntelligence #IFIN

IOC Distillation for Posture Improvement | IFIN

To escape the onslaught of atomic indicators, we must distill the information to what really matters.

Laravel Packages Compromised in Yet Another GitHub Attack

Last Updated: 2026-05-23T05:43:35Z (UTC)

What’s Happening

Laravel, a popular PHP framework, has had its GitHub packages compromised by a credential stealer. Aikido has a report, and has reported the issue to the maintainers. So has Step Security.

Actions

- Review traffic for DNS/URL indicators of compromise
- Review endpoint activity for malicious file writes
- Got Laravel dependencies? Rotate those secrets
- Follow recovery steps recommended by Step

Indicators of Compromise

Value | Type ...

IFIN

We regret to inform you that yet another GitHub attack is underway—this time compromising GitHub Actions with infostealer scripts.

https://discourse.ifin.network/t/5600-github-accounts-compromised-in-megalodon-attack/490

#ThreatIntel #ThreatIntelligence #IFIN

One maintainer's compromised tokens are responsible for the takeover of 500+ NPM packages, including the AntV family of packages.

https://discourse.ifin.network/t/500-npm-packages-including-antv-compromised-via-single-maintainer/476

#ThreatIntel #ThreatIntelligence #IFIN

500+ NPM packages, including antv, compromised via single maintainer

Last Updated: 2026-05-19T06:10:31Z (UTC)

What’s Happening

Hundreds of NPM packages have been compromised in yet another TeamPCP attack. The attack vector appears to be a single maintainer, atool.

Actions

- Review the list of affected packages and versions and check for presence in your environments.
- Review GitHub repos for indicators of compromise.
- Once again, bun is used as the malware executor. Seek bun installs to non-standard locations and process executions from those locations.

Notes ...

IFIN
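The "seek bun installs to non-standard locations and process executions from those locations" action in the post above, as an added POSIX shell example that is not from the IFIN post or the linked report. The list of "standard" bun install directories is an assumption (official installer, distro/package-manager paths, npm global install) and should be tuned to your fleet.

```shell
#!/bin/sh
# Added example (not IFIN's or TeamPCP-report code): flag bun binaries living
# outside the expected install directories, and running processes whose
# executable is such a binary. Run with "scan" to sweep a Linux host.

# ASSUMPTION: these are the places a legitimately installed bun binary lives.
# Anything else (temp dirs, hidden dirs under a project, /var/tmp, ...) is
# reported for a human to triage. Extend the patterns for your environment.
is_standard_bun_path() {
  case "$(dirname "$1")" in
    /usr/local/bin|/usr/bin|/opt/homebrew/bin|/root/.bun/bin) return 0 ;;
    /home/*/.bun/bin|/Users/*/.bun/bin) return 0 ;;      # official installer
    */node_modules/bun/bin) return 0 ;;                    # npm-installed bun
    *) return 1 ;;
  esac
}

# Filesystem sweep: every executable regular file named "bun" on local
# filesystems (-xdev skips network mounts) that is not in a standard dir.
find_nonstandard_bun_binaries() {
  find / -xdev -type f -name bun -perm -u+x 2>/dev/null | while read -r path; do
    is_standard_bun_path "$path" || echo "SUSPECT_BINARY $path"
  done
}

# Process sweep (Linux /proc): resolve each process's real executable and
# report the ones that are a bun binary outside a standard dir. Catches a
# bun copy that was executed and then deleted (readlink shows "(deleted)").
find_nonstandard_bun_processes() {
  for proc in /proc/[0-9]*; do
    exe=$(readlink "$proc/exe" 2>/dev/null) || continue
    case "$(basename "$exe")" in
      bun|"bun (deleted)") ;;
      *) continue ;;
    esac
    is_standard_bun_path "$exe" || echo "SUSPECT_PROCESS pid=${proc#/proc/} exe=$exe"
  done
}

# Only sweep when explicitly asked, so sourcing the file is side-effect free.
case "${1:-}" in
  scan) find_nonstandard_bun_binaries; find_nonstandard_bun_processes ;;
esac
```

Feed the SUSPECT_* lines into your EDR or SIEM alongside the package-version check; a hit on a host that never intentionally installed bun is the signal the post is pointing at.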

Microsoft Power BI is under a DDoS attack claimed by 313 Team, the same group that recently claimed the attack on Ubuntu.

Their booter is still protected by Cloudflare, btw.

https://discourse.ifin.network/t/power-bi-ddosed-claimed-by-313-team/470

#ThreatIntel #ThreatIntelligence #IFIN

Power BI DDoS claimed by 313 Team

Last Updated: 2026-05-18T16:53:37Z (UTC)

What’s Happening

313 Team, fresh off their Ubuntu services under attack, are claiming an attack against Microsoft Power BI. Microsoft has the alert:

“We’ve identified an unexpected increase in request traffic that’s causing the portion of infrastructure to operate in a suboptimal state. We’re continuing to investigate the source of this traffic while we determine the most efficient method to remediate the impact.”

https://admin.cloud.microsoft/#/...

IFIN

We have a breakdown of the current attack campaign against Cisco SD-WAN devices.

https://discourse.ifin.network/t/cve-2026-20182-cisco-catalyst-sd-wan-eitw/457

#ThreatIntel #ThreatIntelligence #IFIN

CVE-2026-20182: Cisco Catalyst SD-WAN EITW

Last Updated: 2026-05-15T18:08:25Z (UTC)

What’s Happening

CVE-2026-20182, an authentication bypass in the Cisco Catalyst SD-WAN controller, has been found exploited in the wild. It has a severity rating of 10. Rapid7, who initially disclosed the vulnerability, has published their own in-depth analysis and timeline. Rapid7 has also released a Metasploit module that exploits this vulnerability. Cisco has released an update and disclosed a number of IOCs related to the ongoing exploitation. The...

IFIN