thepwnicorn

@[email protected]
67 Followers
70 Following
706 Posts
Working in AppSec by day, posting on here by night. he/him
thepwnicorn1d ago
IFIN - The Independent Federated Intelligence Network1d ago

Looks like we have a live one here. Weird Rust maintainer phishing campaign using crates[.]ws:

https://discourse.ifin.network/t/bizarre-crates-io-phishing-campaign/232

Bizarre crates.io phishing campaign

Observable: crates[.]ws Observable Type: Domain Details: Rust maintainer phishing email sending users to a bogus Crates website. Interestingly it looks like the .ws domain redirects to .io unless you provide it direct parameters. Unclear the intention though. Full URI in the email: https://crates[.]ws/settings/profile?action=verify&e=SOMENUMBER https://bsky.app/profile/nabijaczleweli.xyz/post/3miyodcruiuy2

IFIN
thepwnicorn6d ago
Socket6d ago

🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week.

Multiple high-impact maintainers have all confirmed they were targeted in the same coordinated social engineering campaign that compromised Axios.

https://socket.dev/blog/attackers-hunting-high-impact-nodejs-maintainers

Attackers Are Hunting High-Impact Node.js Maintainers in a C...

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

Socket
thepwnicornMar 31
SocketMar 31

🚨 Active supply chain attack on [email protected]. The latest version pulls in [email protected] -- a brand-new package that didn't exist before today.

We're still investigating. If you use axios, pin your version and audit your lockfile.

https://socket.dev/blog/axios-npm-package-compromised

Supply Chain Attack on Axios Pulls Malicious Dependency from...

A supply chain attack on Axios introduced a malicious dependency, [email protected], published minutes earlier and absent from the project’s GitHu...

Socket
thepwnicornMar 28
Show threadNeil BrownMar 28

Perhaps I am some kind of dangerous computer radical these days, thinking that one should be able to buy or make a computer, install one's choice of OSs and software, create a local user account, and get on with one's affairs, privately and without interference.

Quiet enjoyment of one's computer.

* No age or ID verification

* No jumping through hoops to install software, or third parties restricting the software that one can run

* No third party accounts

thepwnicornMar 24
So does anyone want to have a guess what project TeamPCP are going for next? It would have to have used the compromised Trivy version or action, be popular, and not have rotated their credentials fast enough. So far we got KICS and LiteLLM that we know of.
thepwnicornMar 23
Max Maass Mar 23

#Trivy got compromised on thursday and released a backdoored new version, which was rolled back. We spent the entire friday in incident response mode. Now they got compromised again over the weekend.

I have a lot of sympathy for people under pressure during an incident, but for fucks sake, having a security tool get compromised three times within two months is just completely bonkers. We spent more time remediating security issues caused by our security tooling than any other cause. And the fact that there wasn't any official communication on friday means that we had to rely on third-party writeups, which were missing critical information like exact docker container digests and time ranges of the compromise. This made incident response completely miserable.

Anyway. Trivy 0.69.4, 0.69.5, 0.69.6 were all compromised with infostealer malware. Do what you have to do. There are several decent writeups:
- https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release
- https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack
- https://labs.boostsecurity.io/articles/20-days-later-trivy-compromise-act-ii/

And Trivy has an advisory on their GitHub that covers last thursday, but not the second compromise over the weekend: https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23

#ThreatIntel #SupplyChain

Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised - StepSecurity

On March 19, 2026, trivy β€” a widely used open source vulnerability scanner maintained by Aqua Security β€” experienced a second security incident. Three weeks after the hackerbot-claw incident on February 28 that resulted in a repository takeover, a new compromised release (v0.69.4) was published to the trivy repository. The original incident disclosure discussion (#10265) was also deleted during this period, and version tags on the aquasecurity/setup-trivy GitHub Action were removed. Trivy maintainers deleted the v0.69.4 tag and Homebrew downgraded to v0.69.3. The following is a factual account of what we observed through public GitHub data.

thepwnicornMar 21
Em Mar 21

First they ask for your date of birth,
but later they claim it's not enough.

Then they ask for your full name and location,
but later they claim it's not enough.

Then they ask for a copy of your passport,
but later they claim it's not enough.

Then they ask for your facial scan,
but later they claim it's not enough.

Then they ask for your fingerprints,
but later they claim it's not enough.

Then they ask for your palm scan,
but later they claim it's not enough.

Then they ask for a scan of your iris,
but later they claim it's not enough.

Then they ask for ...

#MassSurveillance #Authoritarianism #AgeVerification #Privacy #Democracy #HumanRights

thepwnicornMar 17
Show threadStacey Cornelius πŸ‡¨πŸ‡¦Mar 17

@cR0w I work in the culture sector. I see writers who have no problem using genAI to create images.

And I see people who loudly defend visual art who have no problem using LLMs to "help" with their writing.

IMHO generated artificial "intelligence" is the biggest marketing grift since big tobacco. Except the information about how the tools function and potential harms like deskilling is easily available. People just don't bother asking any questions.

We'll die on the hill of convenience.

thepwnicornMar 15
BisonMar 15

Hello, I'm a woodcarver, and this is what I do ✌️

You can help me a lot by sharing my work, so people can buy or commission me sculptures.

Praying for octopus blessings on your life πŸ™πŸ™

#art

thepwnicornMar 14
David GerardMar 14
SILICON VALLEY: I'm buzzing with a new idea
EVERYONE: New idea or just crimes again?
SILICON VALLEY: ... Crimes again
EVERYONE: well at least this time it wasn't reinventing buses