Since I'm still on the hellsite, here is my thread on the NPM dependency issues: x.com/AndrewMohawk...
But TL;DR there is so much FUD
This would only impact you if
-FRESH install between 9am-11.30am ET
-OR Package-lock.json created in that time
-Vuln packages in direct or transient dependencies
Feels so good to interact with the infosec community as a whole, I can't imagine why we have a bad reputation as not being welcoming!
expel.com/blog/poisons... pretty interesting using cross device sign in ( www.passkeycentral.org/design-guide... ) to bypass the FIDO2 hurdle, effectively turning the hardware token into a QR code and asking the user to scan it
I made a submission!
My firstborn is trans 🏳️⚧️ nonbinary ⚧️ and a tattoo artist that now lives in California. They’re in Seattle for their brother’s graduation this week and brought their gear to give me a tattoo. My other two tattoos are decorative but there is a meaningful story behind what I had them do. 1/
here's a framebuffer graphics demo (this has no practical purpose and I can't prove I'm not just like, playing a youtube video or something)
Finally one of the models is useful to me. I give you my stance on WebAuthn. cc @Yubico
(Everyone at orgs I work at has a 5C + 5C NFC for phone and your org should as well)
What's the worst that could happen?
It's finders keepers for one of these F-18s, right?
@kurtopsahl.bsky.social just said "The journey to stronger opsec begins with reducing the number of steps" and I fucking love it.
She thinks the Library of Congress is like a local public library because it's got "Library" in the name and I can't emphasize enough that our country is being run by the stupidest people alive on the planet today.
Friends, criminals, scoundrels, you rang?
You won't know when I am absolutely destroying my docker swarm, but there will be signs.
I got Manus access and errr.. it's struggling with a docker project, but the filenames are hilarious! Manus.. it's just like us!
The life of crime is calling me!
Collection of stolen memes because this is incredible
Another day, another 9.x critical vuln that bypasses authentication/authorization flow :(
thehackernews.com/2025/03/crit...
But don't worry it's just the kubes ingress-nginx and not the nginx ingress controller often used for kubes. Stay safe out there 🙃
Meme stolen from @yaelwrites.com
In 25 years of covering national security, I’ve never seen a story like this: Senior Trump officials discussed planning for the U.S. attack on Yemen in a Signal group--and inadvertently added the editor-in-chief of The Atlantic. www.theatlantic.com/politics/arc...
And some skinnnnn
Just needs this and then microcontroller and camera, I'm using a pretty wide camera cause it's just what I had lying around
Even has a web interface to see what the fsck it's up to
Found a cool animatronic eye 3D print and spent the weekend making it follow me around
I really hate that these are the release details we get for a *9.1 critical vuln* in a common js stack: www.cve.org/CVERecord?id...
I will be blocking all requests with the header `x-middleware-subrequest` rather than risk deploying a > 5pm release for something without any real details.
Vibe coding my own rust ui for the rayhunter ( github.com/EFForg/rayhu... )