Popular Tinycolor npm Package Compromised in Supply Chain At...
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
🚨 Malicious update to @ctrl/tinycolor on npm is part of an active supply chain attack hitting 40+ packages across multiple maintainers. Audit & remove affected versions.
Our analysis of the malware: socket.dev/blog/tinycol... #NodeJS #JavaScript
15.09.2025 23:23 · 30 · 20 · 0 · 14
Honestly serious: JUST DON'T UPDATE PACKAGES RIGHT NOW.
It is unclear to me yet, but this is looking pretty widespread. Better be safe than sorry, just go touch some grass.
15.09.2025 22:29 · 75 · 40 · 4 · 6
Do not update to @ctrl/tinycolor@4.1.2. It has malware that is currently live on npm.
15.09.2025 22:15 · 22 · 4 · 1 · 2
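A practical way to act on the warning above is to check lockfiles rather than trusting `npm ls` on a possibly already-infected machine. The following is an added example, not code from the original posts or from Socket: it scans an npm `package-lock.json` (lockfileVersion 1, 2 or 3) for exact package/version pairs on a block list. The only pair it knows is the one named on this page, `@ctrl/tinycolor@4.1.2`; the rest of the 40+ affected packages are an assumption you fill in from the advisory. The sample lockfiles are constructed inline so the script runs offline.

```python
import json
import sys

# Compromised package -> set of versions. Only the pair named on the page is
# listed; extend this from the advisory (assumed to be maintained by you).
BAD_VERSIONS = {"@ctrl/tinycolor": {"4.1.2"}}

# Constructed sample: lockfileVersion 3 ("packages" keyed by node_modules path).
SAMPLE_LOCK_V3 = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@ctrl/tinycolor": {"version": "4.1.2"},
        "node_modules/some-lib": {"version": "1.0.0"},
        # Nested copy pinned to an older version: must NOT be flagged.
        "node_modules/some-lib/node_modules/@ctrl/tinycolor": {"version": "4.1.1"},
    },
}

# Constructed sample: lockfileVersion 1 (nested "dependencies" tree).
SAMPLE_LOCK_V1 = {
    "name": "legacy-app",
    "lockfileVersion": 1,
    "dependencies": {
        "some-lib": {
            "version": "1.0.0",
            "dependencies": {"@ctrl/tinycolor": {"version": "4.1.2"}},
        },
        "left-pad": {"version": "1.3.0"},
    },
}


def installed_packages(lock):
    """Yield (name, version) for every resolved package in an npm lockfile."""
    pkgs = lock.get("packages")
    if pkgs:
        # v2/v3: keys are install paths; "" is the root project itself.
        for path, meta in pkgs.items():
            if not path:
                continue
            # Scoped names keep their "@scope/" prefix after the last node_modules/.
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            yield name, meta.get("version")
        return

    def walk(deps):
        # v1: packages nest arbitrarily deep under "dependencies".
        for name, meta in (deps or {}).items():
            yield name, meta.get("version")
            yield from walk(meta.get("dependencies"))

    yield from walk(lock.get("dependencies"))


def find_compromised(lock, bad=BAD_VERSIONS):
    """Return sorted, de-duplicated (name, version) pairs that match the block list."""
    hits = {
        (name, version)
        for name, version in installed_packages(lock)
        if name in bad and version in bad[name]
    }
    return sorted(hits)


def scan_file(path, bad=BAD_VERSIONS):
    with open(path, encoding="utf-8") as fh:
        return find_compromised(json.load(fh), bad)


if __name__ == "__main__":
    # Usage: python audit_lock.py package-lock.json [more lockfiles...]
    exit_code = 0
    for lockfile in sys.argv[1:] or []:
        for name, version in scan_file(lockfile):
            print(f"{lockfile}: {name}@{version} is on the block list")
            exit_code = 1
    sys.exit(exit_code)
```

Run it against every `package-lock.json` in CI before `npm ci`; a non-zero exit blocks the install. Matching on the lockfile rather than `node_modules` also catches a bad version that has been resolved but not yet installed on the machine doing the audit.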
Thanks!
13.07.2023 03:06 · 0 · 0 · 0 · 0
I'm excited to finally be on #bluesky. Now I need to curate my feeds.
13.07.2023 00:47 · 5 · 0 · 1 · 0
ATX - he/him - Humans are more important than code - I work at an entertainment company and volunteer my time making art on github
https://github.com/wesleytodd