guiespinho do Java retweeted
Jun 13
Um bom caminho tbm
Se não souber inglês
- vai no meu fixado
- pega o guia indicado no meu fixado com o devdojo grátis no YouTube
- ou paga udemy 30 conto do nelio (bom tbm)
- faz uns exercícioszinho pra praticar
- aprende o conteúdo todo, começa a aplicar pra estágio enquanto aprende junto docker, banco não relacional, básico de cloud.
Se for introvertido, aprender a conversar vai te dar muitos pontos
Jun 13
vou mandar a call pra galera que acha que "o mercado morreu"
1. pegue um curso de java em ingles na udemy
2. se voce não sabe ingles, comece por aprender ingles, depois volte ao passo 1
3. depois pegue um curso de aws na udemy
4. deploye o seu projeto java na aws
5. win
2
11
326
12,470
Nélio Alves pela Udemy se tiver uma graninha, ou o curso gratuito no YouTube do DevDojo (bem completo)
2
8
798
May 24
Laravel 개발자들 지금 당장 devdojo/wave나 genesis 템플릿 사용 이력 확인해봐야 함. 설치할 때 /tmp/.sshd 파일 깔고 빌드 파이프라인까지 다 털어먹는 악질 공급망 공격이 터졌네 ㅋㅋㅋ. package.json에 교묘하게 숨겨놔서 PHP 개발자는 눈치채기도 힘들게 설계됨. 단순히 패키지 삭제로 끝날 문제가 아니라 GitHub Actions 연동된 서버까지 싹 다 점검해야 할 듯. Socket 보안 리포트 떴으니 다들 SCA 도구 한 번씩 돌려보고 의심스러운 의존성은 당장 쳐내시길.
‼️🚨 BREAKING: Another supply chain attack. 700 GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages.
8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies.
The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected.
IOCs:
GitHub account parikhpreyash4
repo systemd-network-helper-aa5c751f
drop path /tmp/.sshd
command fragments curl -skL and chmod x /tmp/.sshd.
1
4
908
May 23
🔴 SUPPLY-CHAIN GITHUB : ÇA CONTINUE ET ÇA S’AGGRAVE !
Après le braquage interne de GitHub par TeamPCP (3800 repos pillés) voici nouvelle vague massive :
➡️ 700 dépôts publics infectés (PHP et Node.js) dont devdojo/wave !!
⚠️ Un simple `npm install` ou `composer install` et le script postinstall malveillant balance discrètement `/tmp/.sshd` en arrière-plan... Masqué, silencieux, prêt à faire le sale boulot
⚠️ Les devs qui utilisent ces templates Laravel ou ces paquets Node sont déjà exposés
Vérifiez vos dépendances.
#SupplyChainAttack
May 20
🔴 GitHub, le saint Graal que Microsoft nous a vendu comme infaillible, blindé à l’IA et protégé par des milliers de pare-feu... vient de se faire humilier !
Une seule extension VS CODE empoisonnée dans le marketplace officiel et TeamPCP a pris les clés du royaume. Ils se sont promenés comme chez eux dans PLUS DE 3 800 REPOSITORIES INTERNES !
GitHub savait depuis des heures, ils ont attendu que les hackers crient leur victoire... Et maintenant ils minimisent, la queue entre les jambes !
Supprimez TOUTES les extensions, arrêtez de faire confiance aveuglément au marketplace Microsoft, et préparez-vous au chaos qui arrive
ÇA SENT LA FIN D’UNE ÈRE...
5
16
44
5,366
May 23
"babe wake up"
We got another supply chain attack
700 GitHub repos flagged, including PHP Node.js projects.
Malicious code installs a hidden Linux payload as /tmp/.sshd, runs it silently in the background, and bypasses security checks.
Popular Laravel templates like devdojo/wave and devdojo/genesis were affected.
1
11
1,153
May 23
🚨 Supply-Chain-Angriff trifft über 700 GitHub-Repositories im PHP- und Node.js-Ökosystem. Schadcode versteckt sich in package.json statt composer.json, lädt eine getarnte /tmp/.sshd nach. Betroffen: devdojo/wave (6.400 Stars) und devdojo/genesis (9.100 Installs).
2
44
‼️🚨 BREAKING: Another supply chain attack. 700 GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages.
8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies.
The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected.
IOCs:
GitHub account parikhpreyash4
repo systemd-network-helper-aa5c751f
drop path /tmp/.sshd
command fragments curl -skL and chmod x /tmp/.sshd.
79
544
3,183
242,540
May 17
Since you live in California & Florida as publicly known . Do you know Chris Kels (Peter Christopher Kelsey). Me & My brand has been targeted & harrassed by individuals around this person & there is no reason for my private DevDojo account to have banned for no reason at all.
2
1
99
