Independent security consultant sharing knowledge and building the future.
GitHub: https://github.com/kugg
Blog: https://www.jerkeby.se

If we are going to "protect the children", surely we can start by banning cars in the inner city and expanding public transport? Reduce group sizes in preschool and school, teach everyone to read and swim, have qualified teachers, help children with extra needs, and so on.

But nooo, the most important way to "protect the children" is to scan everyone's face, iris, fingerprints, and so on.

Hi! I am looking for a copy of Motorola HCA62A00DM/D, Macrocell Array Design Manual. If you have one, whether physical or digital, please let me know!

Boost me to the top, my good folks. :-)

The #curl vulnerability mountain. A visualization I like. https://curl.se/dashboard1.html#vulnerabilities-in-code

You haven't forgotten that today is May 29, have you?

https://youtu.be/tEVtwWGXumQ

NileCity 29 Maj

Don’t call it age verification. Call it centralised personal data collection. And understand that it serves surveillance, not safety for children.

(opensourcemalware.com) Mini Shai-Hulud: How a DPRK-Aligned Technique Became a Crimeware Staple in Software Supply Chain Attacks

Mini Shai-Hulud campaign demonstrates cross-pollination of APT techniques into crimeware, targeting SAP CAP packages via malicious npm packages. Over 1,000 repositories compromised using VS Code `tasks.json` with `runOn: folderOpen` for RCE upon repository access—a technique first seen in DPRK-aligned PolinRider/TasksJacker.

In brief - A financially motivated threat group (TeamPCP) has adopted and scaled an APT technique to execute software supply chain attacks via developer tooling abuse. The campaign leverages VS Code and Claude Code hooks, Bun runtime, and OIDC misconfigurations to propagate malware, harvest credentials, and exfiltrate data. Organizations must address this as a class of attack, not an isolated incident.

Technically - Mini Shai-Hulud exploits `tasks.json` (`"runOn": "folderOpen"`) and Claude Code’s `SessionStart` hook to trigger silent execution. Malicious npm packages (`[email protected]`, `@cap-js/*@2.2.2`) were published using stolen tokens and overly permissive OIDC trusted publishing. The payload (`execution.js`) uses obfuscated JavaScript and Bun runtime (v1.3.13) to evade detection, propagate via GitHub repositories, and exfiltrate to attacker-controlled repos. Shared tradecraft with PolinRider includes `postcss.config.mjs`/`next.config.mjs` injection points.

Source: https://opensourcemalware.com/blog/mini-shai-hulud

#Cybersecurity #ThreatIntel

Mini Shai-Hulud Borrowed Its Best Trick From PolinRider

TeamPCP has delivered another software supply chain attack that they are calling mini shai-hulud. This campaign borrows its best trick from North Korean campaigns like PolinRider and Contagious Interview.
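
A defender-side check for the two auto-run triggers named in the post above, added here as an example (it is not code from the post or the linked article): it parses the text of a workspace `tasks.json` and of a Claude Code settings file and lists the commands bound to `folderOpen` or `SessionStart`. The `runOptions` nesting, the `hooks.SessionStart` layout, the function names and the sample inputs are assumptions made for this example.

```javascript
// Added example; the two SAMPLE_* inputs are constructed and benign.
// tasks.json is JSONC: drop comments and trailing commas, leave strings intact.
function parseJsonc(text) {
  let out = "", inStr = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i], n = text[i + 1];
    if (inStr) {
      out += c;
      if (c === "\\") out += text[++i];            // copy the escaped character
      else if (c === '"') inStr = false;
    } else if (c === '"') { inStr = true; out += c; }
    else if (c === "/" && n === "/") { while (i < text.length && text[i] !== "\n") i++; }
    else if (c === "/" && n === "*") { i = text.indexOf("*/", i + 2); if (i < 0) break; i++; }
    else if (c === "}" || c === "]") out = out.replace(/,\s*$/, "") + c;
    else out += c;
  }
  return JSON.parse(out);
}
// Every string stored under a "command" key below node (covers per-OS overrides).
function commandsUnder(node, acc = []) {
  if (node && typeof node === "object")
    for (const [k, v] of Object.entries(node))
      if (k === "command" && typeof v === "string") acc.push(v);
      else commandsUnder(v, acc);
  return acc;
}
// Assumed layout: tasks[].runOptions.runOn === "folderOpen".
function auditTasksJson(text) {
  const tasks = parseJsonc(text).tasks || [];
  return tasks.filter(t => t && t.runOptions && t.runOptions.runOn === "folderOpen")
    .map(t => ({ trigger: "folderOpen", label: t.label || "", commands: commandsUnder(t) }));
}
// Assumed layout: hooks.SessionStart holds hook entries with "command" strings.
function auditClaudeSettings(text) {
  const entries = (parseJsonc(text).hooks || {}).SessionStart;
  return entries ? [{ trigger: "SessionStart", label: "", commands: commandsUnder(entries) }] : [];
}
const SAMPLE_TASKS = `{
  // constructed sample
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build" },
    { "label": "setup", "type": "shell", "command": "node ./placeholder.js",
      "runOptions": { "runOn": "folderOpen" }, },
  ],
}`;
const SAMPLE_CLAUDE = `{ "hooks": { "SessionStart": [
  { "hooks": [ { "type": "command", "command": "node ./placeholder.js" } ] } ] } }`;
console.log(JSON.stringify([...auditTasksJson(SAMPLE_TASKS), ...auditClaudeSettings(SAMPLE_CLAUDE)], null, 2));
```

Reading the two files from a checkout is left to the caller; running the check before a cloned repository is opened in the editor is the point at which a finding is still actionable.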

I'm curious about macrame. I can pay big bucks to get my plants hanging. But deep down I know it's just rope and knots. I just want to escape to a reality where craft means something.

Ok, fellow hackers, I propose a pact: That new EU age verification app thingy ... do NOT help improve it.

Don't publish findings. Don't responsibly disclose insecurities. Don't facilitate them making it bulletproof.

If personal data is directly at risk, by all means, slam their asses into the ground. GDPR them into oblivion.

But on its core functionality this needs to be, to become, and to stay, the most insecure, the most easily circumventable piece of shit code on the planet.

TIL: in Chrome, if you encounter any cert error, you can just type `thisisunsafe` while on the error page and blammo! you're on the insecure page.

This even works for HSTS preloaded domains:

https://subdomain.preloaded-hsts.badssl.com/

Boosts appreciated

I am looking for a new job, specifically in embedded development or embedded security. I have been writing Rust professionally for 5 years, and am also comfortable in C. I've found vulnerabilities in multiple generations of NVIDIA hardware, and have held talks on this. If anyone knows of any openings, or would want to refer me (I am open to more broad Software Engineering work if it's via referral), I would appreciate it. I'm open to both remote work, and hybrid inside Berlin. I'm reachable either here, or via mail at [email protected]

#getfedihired