Will Hunt

@[email protected]
167 Followers
50 Following
144 Posts
Hacker, trainer, speaker, musician. Co-founded https://In.security
Twitterhttps://twitter.com/Stealthsploit
In.securityhttps://In.security
Discordhttps://discord.gg/aCgUbE8ePD
Will Hunt1d ago
IFIN Threat Intel1d ago

Last Updated: 2026-05-19T06:10:31Z (UTC)

What's Happening

Hundreds of NPM packages have been compromised in yet another TeamPCP attack. The attack vector appears to be a single maintainer, atool.

https://opensourcemalware.com/blog/teampcp-compromises-npm-maintainer-with-over-540-packages

https://socket.dev/blog/antv-packages-compromised?utm_medium=feed

Actions

Review the list of affected packages and versions and check for presence in your environments. Review GitHub repos for indicators of compromise.

Once again, bun is used as the malware executor. Seek bun installs to non-standard locations and process executions from those locations.

Notes

Antv is a popular AI visualization ecosystem from Alibaba. A lot of downloads are involved in this one—millions per week.



Discuss this on our forum.
TeamPCP compromises NPM maintainer with over 540 packages

A threat actor tracked as TeamPCP has compromised two npm maintainer accounts — including the one behind the AntV data-visualization suite — republishing 324 packages with over 16 million combined weekly downloads.

Will Hunt2d ago
Hashcracky2d ago

==============================

EVENT WINNERS!

Stealthsploit: 811,424 points,
afsa: 735,222 points,
Partly9642: 702,337 points,
jpg0mez: 701,361 points,
phurtim: 689,934 points,

THANK YOU TO ALL PLAYERS! HUZZAH!
https://hashcracky.com/game/b181f96f-5315-4a26-adce-4ef7dde7a6b3
==============================
#hashcracky

Sebastians Redemption Arc 2026 | Hashcracky

Sebastian caught the hands in his last boss fight. Feeling down on his luck and his entire world crumbling, Sebastian needs to light his fire and reclaim his title. We need to hype him up and unlock his redemption story. Can you help motivate Sebastian for his prime-time redemption fight? — Sta...

Hashcracky
Will HuntApr 29
HashcrackyApr 15

==============================

! NEW HASHCRACKY EVENT !

EVENT START: 4/30/2026
EVENT END: 5/5/2026

GOOD LUCK, ALL PLAYERS!
https://hashcracky.com/game/86ff9a24-8854-4db7-9c9b-dfdbb6057df7
==============================
#hashcracky

Sebastians Boss Fight 2026 | Hashcracky

This is the old translated fable of Sebastian the knight and his companions on their way to slay the Jabbercracky. The only problem is, the evil wizard hashed and scrambled the tale. We've tried our best, but it still does not make a lot of sense. We could use some cryptographical sorcery on this...

Hashcracky
Will HuntApr 29

Tickets are still selling for both our Hacking and Defending Enterprises trainings at Black Hat USA #BHUSA. Join us for a full scale enterprise attack from OSINT through multi-domain compromise, or for detection engineering and threat hunting, or both!💪

https://in.security/events/

Upcoming Events - In.security

In.security
Will HuntApr 17
Aaron Toponce ⚛️Apr 17

A close friend of mine is having a mastectomy today. Decided to do a run in The Avenues in Salt Lake City to show my support. The "CK" is supposed to be a ribbon.

Fuck Cancer.

#running #RunnersOfMastodon

Will HuntMar 17

We're back and ready to rock at the Black Hat Masterclass in May for a 1-day virtual Insider Threat training and then at #BHUSA in-person with the 2026 editions of both our Hacking Enterprises and Defending Enterprises trainings.

Join us to attack, defend, or both!

https://in.security/events/

Upcoming Events - In.security

In.security
Will HuntMar 14
CycloneMar 14

CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

Details:
https://forum.hashpwn.net/post/11119

GitHub repo:
https://github.com/Cynosureprime/hashpipe

#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

Will HuntFeb 9
HashcrackyFeb 7

==============================
! NEW HASHCRACKY EVENT !

EVENT START: 2/20/2026
EVENT END: 2/24/2026

GOOD LUCK, ALL PLAYERS!
https://hashcracky.com/game/8736f4de-457c-4925-bfa1-c091285d7abb
==============================

Annual Competitive Hashcracky 2026 | Hashcracky

It's that time of the year again! Brand new year, brand new hashes to crack. Join us as we kick off the 2026 Hashcracky competitive season with a new event. Bring a slice of cake and get ready to celebrate another year of hash-cracking adventures. — Starts: 2026-02-20T20:00:00Z • Ends: 2026-0...

Hashcracky
Will HuntJan 6
Robert McNeesJan 6

This is incredible. An MTV simulator with almost 30,000 videos, organized by decade along with special sections for Headbanger's Ball and Yo! MTV Raps.

https://wantmymtv.vercel.app/

MTV REWIND - I Want My MTV

Celebrating 44 years of continuous music videos. Stream classic music videos 24/7.

Will HuntJan 5

Our first 2026 training is now taking registrations!

Join us for Hacking Enterprises - 2026 Red Edition at Black Hat Asia in Singapore on 21-22 April.

https://in.security/events/

Upcoming Events - In.security

In.security