Mastodawn

HOLY FUCK, that's amazing!

AWS's "agentic development environment" allowed remote code execution via the NAME OF A COLOUR THEME 😆🤡

https://aws.amazon.com/security/security-bulletins/rss/2026-012-aws/

CVE-2026-5429 - Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme

Bulletin ID: 2026-012-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/02 11:30 AM PDT Description: Kiro IDE is an agentic development environment that makes it easy for developers to ship real engineering work with the help of AI agents. We identified CVE-2026-5429, where unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a maliciously crafted color theme name when a local user opens the workspace. This issue requires the user to trust the workspace when prompted. Impacted versions: < 0.8.140 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

Amazon Web Services, Inc.

bettybarcode (she/her)Apr 9

Re-upping this because I tinkered with something at the back end and it blanked out all of my blog posts. They have now been restored. Thank you, @[email protected]. #Ooops #Fixed

RE: https://bsky.app/profile/did:plc:2eelley4vwgqgk3xd24nedj3/post/3mj3jqrele52r

Mig1anc Mar 25

#yebuo "Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), crypto wallets, SSL private keys, CI/CD secrets, ... passwords." #ooops #grubo #jprdl

x.com/karpathy/statu...

Andrej Karpathy (@karpathy) on X

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database

X (formerly Twitter)

Show thread

Dmitri Goosens

Dec 5

@gitlab web UI affected...
luckily, the CLI is still working though

#CloudFlare #Ooops

Show thread

Arcadiagt5 Oct 26, 2025

#Ooops. I was NOT expecting an actual ticket queue at #Dendy #dune

DoomsdaysCW Aug 11, 2025

So, confession... When I was in my 20's, I accidentally caught a #BabyShark while on a "Deep Sea Fishing" (really, Deep Sea Boozing) trip, and ended up eating it. With garlic and butter. And it didn't suck!

#DeepSeaFishing #Ooops

ChromaMagic Jun 16, 2025

Has your passion ever landed you in the emergency room? Let’s hear your favorites…! #art #painting #ooops

RE: https://bsky.app/profile/did:plc:klwxjf74in253f6as67giqg6/post/3lrqqqncn5k24

Show thread

IBBoard Jan 18, 2025

Me: Starts looking at other zoom levels to get some slightly better (but scaled) replacement tiles

Games Workshop: Yeah, we just screwed that whole area. Sometimes with overlapping tiles at a different zoom, sometimes not!

Looks like only full zoom-out is good on the Old World map. Otherwise you've got what are presumably old tiles from the smaller map still being served! Someone in the web team didn't do a good job of rolling out the new assets 😬

#Warhammer #TheOldWorld #Map #Ooops

IBBoard Jan 17, 2025

Games Workshop has a scrollable Warhammer Old World map on their theoldworld.com website.

If you want it as one huge image then all you need is wget and ImageMagick 7 (and a quick bit of watching network traffic to work out the ordering of the images!)

for i in {488..523}; do for j in {676..719}; do wget -O map_${j}_${i}.webp https\://theoldworld.com/map/10/$i/$j.webp; done; done
magick montage map_{719..676}_{488..523}.webp -tile 36x44 -geometry +0+0 map.jpg

And you get a 9216×11264 pixel map! And you find that there's rogue Empire tiles in a lighter colour scheme between Lahmia, the Broken Teeth, the Marshes of Madness and the Mortis Delta 😁

[Edit: Fixed the number order in commands - I'd been trying a few things to get them into the right order and copied the wrong command!]
[Edit 2: Having the URL in the wget command would help as well!]

#Warhammer #TheOldWorld #GamesWorkshop #Oldhammer #Maps #ooops