Since i'm still on the hellsite, here is my thread on the NPM dependency issues: x.com/AndrewMohawk...
But TL;DR there is so much FUD
This would only impact you if
-FRESH install between 9am-11.30am ET
-OR Package-lock.json created in that time
-Vuln packages in direct or transient dependencies
Feels so good to interact with the infosec community as a whole, I cant imagine why we have bad reputation as not being welcoming!
24.07.2025 14:01 — 👍 2 🔁 0 💬 0 📌 0
expel.com/blog/poisons... pretty interesting using cross device sign in ( www.passkeycentral.org/design-guide... ) to bypass fido2 hurdle, effectively turning the hardware token into QR code and asking the user to scan it
20.07.2025 17:21 — 👍 2 🔁 0 💬 0 📌 0
I made a submission!
24.06.2025 00:33 — 👍 3 🔁 0 💬 0 📌 0
A blonde tattooed person tattooing the forearm of a woman
My firstborn is trans 🏳️⚧️ nonbinary ⚧️ and a tattoo artist that now lives in California. They’re in Seattle for their brother’s graduation this week and brought their gear to give me a tattoo. There is a my other two tattoos are decorative but there is a meaningful story behind what I had them do. 1/
19.06.2025 02:27 — 👍 26 🔁 1 💬 1 📌 0here's a framebuffer graphics demo (this has no practical purpose and I can't prove I'm not just like, playing a youtube video or something)
05.06.2025 16:26 — 👍 1284 🔁 269 💬 31 📌 57
Finally one of the models is useful to me. I give you my stance on WebAuthN. cc @Yubico
(Everyone at orgs I work at has a 5C + 5C NFC for phone and your org should as well)
Whats the worst that could happen?
27.05.2025 23:33 — 👍 0 🔁 0 💬 0 📌 0Its finders keepers for one of these f-18s right?
11.05.2025 23:30 — 👍 401 🔁 19 💬 29 📌 0@kurtopsahl.bsky.social just said "The journey to stronger opsec begins with reducing the number of steps" and I fucking love it.
12.05.2025 15:59 — 👍 2 🔁 1 💬 0 📌 0She thinks the Library of Congress is like a local public library because it's got "Library" in the name and I can't emphasize enough that our country is being run by the stupidest people alive on the planet today.
10.05.2025 19:57 — 👍 1081 🔁 231 💬 16 📌 4
Friends, criminals, scoundrels, you rang?
23.04.2025 12:11 — 👍 2 🔁 0 💬 0 📌 0
One Hole per beverage A coke machine at a fast food place from befor the 2010s is shown next to a big green check mark Unholy drink cloaca A coke machine with a single dispenser and an screen for choice is shown
11.04.2025 21:01 — 👍 7299 🔁 1567 💬 114 📌 138
You wont know when I am absolutely destroying my docker swarm, but there will be signs.
07.04.2025 04:26 — 👍 0 🔁 0 💬 0 📌 0
I got Manus access and errr.. its struggling with a docker project, but the filenames are hilarious! Manus.. its just like us!
03.04.2025 03:33 — 👍 0 🔁 0 💬 0 📌 0
The life of crime is calling me!
03.04.2025 01:19 — 👍 2 🔁 0 💬 0 📌 0
25.03.2025 12:25 —
👍 0
🔁 0
💬 0
📌 0
25.03.2025 12:25 —
👍 0
🔁 0
💬 1
📌 0
Collection of stolen memes because this is incredible
25.03.2025 12:25 — 👍 0 🔁 0 💬 1 📌 0
Another day, another 9.x critical vuln that bypasses authentication/authorization flow :(
thehackernews.com/2025/03/crit...
But dont worry it's just the kubes ingress-nginx and not the nginx ingress controller often used for kubes. Stay safe out there 🙃
Meme stolen from @yaelwrites.com
24.03.2025 18:56 — 👍 8 🔁 1 💬 1 📌 0
In 25 years of covering national security, I’ve never seen a story like this: Senior Trump officials discussed planning for the U.S. attack on Yemen in a Signal group--and inadvertently added the editor-in-chief of The Atlantic. www.theatlantic.com/politics/arc...
24.03.2025 16:11 — 👍 16621 🔁 6490 💬 787 📌 2587And some skinnnnn
24.03.2025 09:38 — 👍 0 🔁 0 💬 0 📌 0
Just needs this and then microcontroller and camera, I'm using a pretty wide camera cause it's just what I had lying around
24.03.2025 09:37 — 👍 0 🔁 0 💬 0 📌 0
Even has a web interface to see what the fsck its up to
24.03.2025 05:15 — 👍 0 🔁 0 💬 0 📌 0Found a cool animatronic eye 3D print and spent the weekend making it follow me around
24.03.2025 05:11 — 👍 4 🔁 1 💬 3 📌 0
I really hate that this is the release details we get for a *9.1 critical vuln* in a common js stack: www.cve.org/CVERecord?id...
I will be blocking all requests with the header `x-middleware-subrequest` rather than risk deploying a > 5pm release for something without any real details.
Tornado cash is back.
home.treasury.gov/news/press-r...
Vibe coding my own rust ui for the rayhunter ( github.com/EFForg/rayhu... )
21.03.2025 07:07 — 👍 2 🔁 1 💬 1 📌 0
