Displaced Philly boy. Threat hunter. Educator. Executive Director. #infosec, #programming #rust, #python #haskell, and #javascript. #opensource advocate. General in the AI Resistance. Runs @thetaggartinstitute. Made https://wtfbins.wtf. Not your bro. All opinions my own. Dad. #fedi22 #searchable

Pronouns: He/him.

The Taggart Institute: https://taggartinstitute.org
Blog: https://taggart-tech.com
Codeberg: https://codeberg.org/mttaggart
YouTube: https://youtube.com/taggarttech
GitHub: https://github.com/mttaggart
Keyoxide: aspe:keyoxide.org:G4ADJFWICZZZXGR4STZQVMBJNM

RE: https://infosec.exchange/@BleepingComputer/116738219075700556

Our very own @mttaggart is quoted in this article. I expect we are going to see a LOT more of this sort of thing involving other distros. Good thing we have AI SOCs to solve this, right?

A quick note on process regarding the recent AUR story. Everything worked exactly as community-driven threat intel should.

  • A user tipped us off
  • We investigated and reported
  • Community feedback refined the intel
  • Everyone got the necessary information
  • We protected each other.

    #ThreatIntelIsMutualAid

    RE: https://infosec.exchange/@ifin/116735279416101129

    This attack is ongoing, with the attackers shifting from npm to bun for malware installation. If you see information we're missing, please consider contributing!

    RE: https://infosec.exchange/@ifin/116735279416101129

    I'm trying to understand the details of AUR processes for submitting PKGBUILDs. In other words, how exactly did this happen? arojas submitted hundreds of changes to PKGBUILD or related files. And they were just...accepted? What am I missing?

    Edit: What I missed was this was pure impersonation. The maintainer is fine, but the process was vulnerable to spoofing.

    400+ Arch User Repository packages have been compromised in a massive, sophisticated supply chain attack, including a rootkit installation.

    https://discourse.ifin.network/t/400-aur-packages-compromised-with-infostealer-and-rootkit/577

    #ThreatIntel #ThreatIntelligence #IFIN

    400+ AUR Packages Compromised with Infostealer and Rootkit

    Last Updated: 2026-06-12T04:22:42Z (UTC)

    What’s Happening

    It appears an AUR package maintainer’s account (arojas) was compromised. The maintainer’s account had write access to over 400 package repos. The compromise was reported and other AUR maintainers have been working to remove the infected packages. The affected packages were modified with preinstall scripts to use npm to install the atomic-lockfile package, a malicious payload. Here’s an example of the change: This blog has a deep d...

    IFIN

    I didn't know hyfetch --june was a thing but it brought a big smile to my face.

    I'll let you discover that one for yourselves.

    This is not actually the reason Oracle stock is down today. But it probably didn't help.

    Anyway if you use PeopleSoft, please patch ASAP.

    https://discourse.ifin.network/t/cve-2026-35273-oracle-peoplesoft-peopletools-vuln-exploited-by-shinyhunters/576

    CVE-2026-35273: Oracle PeopleSoft PeopleTools Vuln Exploited by ShinyHunters

    Last Updated: 2026-06-11T22:11:52Z (UTC)

    What’s Happening

    CVE-2026-35273, a CVSSv3 9.8 severity vulnerability allows “takeover” or “code execution.” No details on mechanism as yet. https://www.oracle.com/security-alerts/alert-cve-2026-35273.html The CVE listing shows the CWE as CWE-308, or “Missing Authentication for Critical Function.” So presumably an auth bypass or Broken Function Level Authorization on an API endpoint. The Register reports that ShinyHunters credit this vulnerability for ...

    IFIN

    @mttaggart TIL hyfetch

    No US Cyber Force this year

    New cyber military branch was voted out of the NDAA in a Senate committee

    https://therecord.media/cyber-force-not-included-senate-defense-roadmap

    Cyber Force not included in Senate defense policy roadmap

    An amendment by Sen. Kirsten Gillibrand (D-NY) to the chamber’s fiscal 2027 national defense authorization bill that would have created the digital-focused service was defeated 14-13 when the Senate Armed Services Committee took up the nearly $1.2 trillion legislation behind closed doors this week.