2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.

* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack

#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx#AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js#javascript#webdev#DPRK#LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini

Seeing an influx of spam from a few big Mastodon servers, perfect timing for FediThreat to ship along with the big Stories release!

It's going to be a busy and fun weekend 🚀

https://fedithreat.net/

#fediverse#threatIntel

Seeing an influx of spam from a few big Mastodon servers, perfect timing for FediThreat to ship along with the big Stories release!

It's going to be a busy and fun weekend 🚀

https://fedithreat.net/

#fediverse#threatIntel

2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.

* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack

#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx#AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js#javascript#webdev#DPRK#LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini

Detailed report coming out of CISA regarding Chinese State-Sponsored Actors.

All the names, all the cybers.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

#ThreatIntel#Cybersecurity#Infosec

Detailed report coming out of CISA regarding Chinese State-Sponsored Actors.

All the names, all the cybers.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

#ThreatIntel#Cybersecurity#Infosec

I find this report by Group-IB quite intriguing since it would appear to suggest a collaboration between Chinese and Russian actors.

That itself is interesting and would appear to mimic the geopolitical landscape where Russia and China are quite cozy.

https://www.group-ib.com/blog/shadowsilk/

#ThreatIntel#Cybersecurity#Russia#China#ShadowSilk

I find this report by Group-IB quite intriguing since it would appear to suggest a collaboration between Chinese and Russian actors.

That itself is interesting and would appear to mimic the geopolitical landscape where Russia and China are quite cozy.

https://www.group-ib.com/blog/shadowsilk/

#ThreatIntel#Cybersecurity#Russia#China#ShadowSilk

New loot coming out of DTI @DomainTools and it would appear as if our dear friend @neurovagrant has been at it again? 🙂

https://dti.domaintools.com/spynote-malware-part-2/

#ThreatIntel#Cybersecurity#Infosec

New loot coming out of DTI @DomainTools and it would appear as if our dear friend @neurovagrant has been at it again? 🙂

https://dti.domaintools.com/spynote-malware-part-2/

#ThreatIntel#Cybersecurity#Infosec

I'm still mad that firewall vendors have their heads up their AI's asses and won't enable blocking by ASN. So here is the ASN-DROP list from @spamhaus but I pulled the advertised prefixes for them all so you can block the networks in your firewalls. Or at least look into it.

Fuck you, vendors. 🖕

https://cascadiacrow.com/spamhausAsnDropNetworks.txt

#GAYINT#FURINT#threatIntel

Yet another AitM campaign. This one on Secret Blizzard is written up by Microsoft.

https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/

#threatIntel

Good thing Macs can't get malware, otherwise this SentinelOne post about ZuRu making a comeback might be worth looking into. IOCs in the post.

https://www.sentinelone.com/blog/macos-zuru-resurfaces-modified-khepri-c2-hides-inside-doctored-termius-app/

#threatIntel

For the past few weeks, @DomainTools Investigations worked with OSINT analyst and investigative journalist grantees to help uncover connections between websites involved in the harassment of Ukrainian personnel and their families, and the people and infrastructure involved.

We provide a technical writeup below on the observables and data involved.

#infosec #cybersecurity #threatintel #disinformation

https://www.domaintools.com/resources/blog/rdap-and-bgp-in-investigative-journalism/

For the past few weeks, @DomainTools Investigations worked with OSINT analyst and investigative journalist grantees to help uncover connections between websites involved in the harassment of Ukrainian personnel and their families, and the people and infrastructure involved.

We provide a technical writeup below on the observables and data involved.

#infosec #cybersecurity #threatintel #disinformation

https://www.domaintools.com/resources/blog/rdap-and-bgp-in-investigative-journalism/

"Britain’s drug gangs and Moscow’s hackers were just two nodes in a vast criminal super-network [that] included sanctioned oligarchs, Russian intelligence operatives and an Irish crime family."

(and of course that network also now includes the #Trump administration, because Howard Lutnick is/was Tether's money manager)

* #TheEconomist: https://www.economist.com/1843/2025/07/04/how-tether-became-money-launderers-dream-currency
* no paywall: https://archive.ph/NiCRD

#moneylaundering #crime#corruption #crypto #cryptocurrency #iran #russia #uspol#howardLutnick #economist #economics #finance #uk #ukpol #garantex #threatintel #ransomware #cybersecurity #vladimirputin #oligarchs #putin #ukraine #kinahans #kinahan

2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”

They’re both a large MSP and MSSP who sell anti-ransomware services.

#threatintel #ransomware

Bleeping Computer confirms: https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/

#threatintel #ransomware