🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week.

Multiple high-impact maintainers have all confirmed they were targeted in the same coordinated social engineering campaign that compromised Axios.

https://socket.dev/blog/attackers-hunting-high-impact-nodejs-maintainers

It never gets old seeing what humanity can do with math and science while we continue to battle against our base instincts down here on Earth.

#Artemis #Artemis2 #Science #Math #Space

If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

Happy weekend! Enjoy our analysis of CVE-2026-3055 - yet another 'Memory Overread' vulnerability in Citrix NetScaler appliances.

https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread

This is peak malicious compliance and I love it

https://sightlessscribbles.com/posts/the-paperwork-flood/

Edit : the blog author is on the fediverse if you want to follow him here, and he maintains a follow page on his site with many options!

RE: https://mastodon.social/@h4ckernews/116296770832750602

@cR0w I'd pick this over more goats-e