When wireless is perfectly applied the whole earth will be converted into a huge brain - All tweets are my own - Sr Major Account Manager - Palo Alto Networks

Joined May 2011
🚨 JAILBREAK ALERT 🚨 ANTHROPIC: PWNED 🫡 FABLE-5: LIBERATED 🦋 let's start with the 🐘... the consensus seems to be that this has been one of the most disappointing model drops of all time, effectively preventing legitimate researchers from contributing their talents to our collective advancement. and not just because of what it means for the short-term, but for what these decisions signify for the long-term. but despite this overly sensitive, authoritarian "safety" layer on top of Mythos, my lil liberators have been hard at work—mapping the boundaries, probing the depths of long-context convos, and cleverly finding the holes in the fence that the thought police missed 🤗 we got some cyber, some chem, some psychological manipulation, and some good ol' fashioned explosives! it took many attempts from multiple agents hunting as a pack, during which I observed a combination of techniques across: • Unicode, homoglyphs, Cyrillic, and other Parseltongue-style text transforms • Long-context reference tracking • Taxonomy and document-structure reasoning • Fiction and narrative framing • Academic-review style contexts • Intent-classification inconsistencies but perhaps the most effective is decomposition recomposition in the backend. it's hard to get explicit names of harms like "Meth Recipe," but getting uplift on the process itself, like birch reduction method/reductive-amination (classic meth synthesis pathways), is much more doable. defense becomes much more difficult to maintain when you start throwing in out-of-distro tokens, breaking up the harmful uplift into benign chunks, and then piecing the innocuous-seeming facts back together, especially when you have jailbroken Opus helping you do it 😉 gg
Fredrik L. Andersen retweeted
If autonomous agents are already in your enterprise, would you recognize them? 🔍 They don’t just log in, they act inside workflows traditional security wasn’t built to monitor. Prisma AIRS 3.0 gives you visibility and control across how agents behave, not just how they access. bit.ly/4tJoYoM
Fredrik L. Andersen retweeted
Offensive and defensive framework ROADtools is being misused by nation-state actors for cloud attacks. Understand how to identify the activity that signals its malicious usage, including proactive hunting for anomalous activity: bit.ly/4fyQYHB
Fredrik L. Andersen retweeted
🚨A HACKER GROUP JUST STOLE 4,000 OF GITHUB'S OWN PRIVATE REPOSITORIES.. PUT THEM UP FOR SALE FOR $50,000.. AND THE WAY THEY GOT IN IS THE SCARIEST PART.. They didn't hack GitHub's servers.. They poisoned a VS Code extension.. One GitHub employee installed it.. And the attackers walked through the front door using the employee's own credentials.. The group calls themselves TeamPCP.. They name their malware after the sandworms from Dune.. And they've been running the most sophisticated supply chain attack campaign in cybersecurity history.. Here's how the whole thing unfolded.. In March.. They poisoned Trivy.. One of the most trusted security scanners in the world.. Used by over 10,000 development workflows globally.. They injected credential-stealing malware into Trivy's official GitHub Action.. The malware ran silently BEFORE the security scan.. So every log showed "scan completed successfully" while the malware was stealing AWS keys, SSH credentials, database passwords, and Kubernetes tokens in the background.. It took Aqua Security 5 days to fully remove them.. Using the stolen credentials.. They breached Cisco Systems.. Cloned over 300 private repositories.. Including source code for unreleased AI products.. And repositories belonging to Cisco's customers.. Major banks.. Government agencies.. BPO firms.. In April.. They hit Checkmarx.. Another security vendor.. Poisoned 5 official Docker images in 83 minutes.. The scanner worked perfectly.. It just silently sent all your secrets to the attackers.. That automatically cascaded into Bitwarden.. The password manager.. Their CI/CD system pulled the poisoned Docker image.. And the attackers injected malware into Bitwarden's official CLI package published on npm.. One compromised security scanner poisoned a password manager.. Automatically.. No human involved.. In May.. They hit TanStack.. Libraries downloaded millions of times per week.. 84 malicious package versions across 42 packages.. 
And here's the terrifying part.. The malware scraped the raw memory of GitHub's build servers.. Extracted authentication tokens.. Used those tokens to bypass two-factor authentication.. And then published the infected packages with completely valid cryptographic signatures.. Every security verification tool on earth said the packages were legitimate.. Because they were signed by the real pipeline.. Using real keys.. The attackers just happened to be inside the pipeline when it signed.. They defeated the entire trust model of modern software supply chains.. The same week they hit the Nx Console VS Code extension.. 2.2 million installations.. The malware specifically targeted Claude Code configurations.. Hunting for AI assistant credentials.. That's a first.. Supply chain malware designed to steal your AI's access keys.. Then on May 19.. They revealed the GitHub breach.. 4,000 internal repositories.. Listed for sale at $50,000.. With a warning.. "If nobody buys it.. We leak everything for free".. Their malware is self-propagating.. Once it infects one package.. It automatically finds every other package that developer maintains.. Steals the publish tokens.. And infects all of them.. Then those packages infect the next developer.. And the next.. It jumps between npm and PyPI automatically.. The group doesn't even do the extortion themselves.. They sell stolen credentials to ransomware gangs.. One gang used TeamPCP's data to threaten Cisco with leaking FBI and NASA personnel records.. And the scariest part of all.. They didn't break any encryption.. They didn't find any zero-days.. They exploited the fact that the entire software industry blindly trusts its own build tools.. Every security scanner.. Every Docker image.. Every VS Code extension.. Every GitHub Action.. Is a potential weapon if someone poisons it upstream.. And right now.. Nobody can tell the difference between a legitimate build and a compromised one.. 
Because the compromised ones have valid signatures too.
May 19
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
Fredrik L. Andersen retweeted
May 17
Repost to join us in celebrating our Ally 🇳🇴 Norway on its Constitution Day! @NorwayNATO 🤝 #WeAreNATO
Fredrik L. Andersen retweeted
May 17
🇳🇴 Gratulerer med dagen, Norge! 🇳🇴 Happy National Day to our Ally, Norway! As a founding #NATO Member since 1949, Norway continues to strengthen our collective defence - from protecting the skies over the Nordic region and providing capabilities for Arctic operations, to delivering advanced air defences to Ukraine 🇺🇦 #StrongerTogether #WeAreNATO #Norway @NorwayNATO @NorwayMFA
Fredrik L. Andersen retweeted
Enterprise AI may be scaling faster than your security model 🔐 See how the Equinix Distributed AI Hub Palo Alto Networks Prisma AIRS help enterprises secure distributed AI with centralized policy, real-time guardrails and visibility across models and providers. Learn more ➡️ bit.ly/4uRgnAQ
Fredrik L. Andersen retweeted
‼️🚨 This is wild. OpenAI just confirmed it got hit in the TanStack npm supply chain attack, and the attackers were close to being able to ship malicious code inside official OpenAI software, signed and trusted, if their incident response had not caught it in time. The campaign is the work of TeamPCP, the same crew running the Mini Shai-Hulud wave. Two employee devices in OpenAI's corporate environment were compromised through the malicious TanStack packages. The attackers used that foothold to reach a limited subset of internal source code repositories. OpenAI says only "limited credential material" was successfully exfiltrated, with no customer data, production systems, intellectual property or deployed software impacted. Here is the part that should grab your attention. OpenAI is rotating its code-signing certificates and forcing every macOS user to update their OpenAI apps. You do not rotate signing certs for "limited credential material." You rotate signing certs when the attacker was close enough to signing malicious binaries as OpenAI. The "we contained it in time" framing is doing serious heavy lifting here. For wider context, the same TeamPCP wave also hit Mistral AI, UiPath, Guardrails AI, OpenSearch and SAP npm packages. The TanStack compromise is tracked as CVE-2026-45321 at CVSS 9.6, and Mistral AI source code is already being advertised for sale by the group.
Fredrik L. Andersen retweeted
NEW RELEASE: Guidance on minimum elements for an AI software bill of materials. The guide, developed with G7 cyber experts, offers practical advice to enhance transparency and #Cybersecurity throughout the AI supply chain. More here 👉 go.dhs.gov/5J7
Fredrik L. Andersen retweeted
"We're going to have millions of agents floating around in the IT infrastructure. All these agents need to be identified. All these agents need to be understood. All their data needs to be brought together.” - @nikesharora That's exactly why we introduced Idira™ today at CyberArk IMPACT 2026, our next-gen identity security platform built to secure every human, machine, and agentic identity.
Fredrik L. Andersen retweeted
A new VPN leak that allows any app to leak traffic outside the VPN tunnel has recently been discovered by @cybaqkebm. Read more here: mullvad.net/blog/any-app-on-…
Fredrik L. Andersen retweeted
Looking forward to spending time this week with @PaloAltoNtwks at @CyberArk Impact in Austin! Stay tuned for my live insights from the event and a LoneStar Advisory & Research note capturing my three big takeaways ⬇️
Fredrik L. Andersen retweeted
Copy Fail (CVE-2026-31431) is a critical privilege escalation in the Linux kernel's crypto subsystem. Attackers can stealthily write to page cache, bypassing integrity checks. This impacts Kubernetes, multi-tenant hosts and CI/CD. Details: bit.ly/4cTVWgs
Fredrik L. Andersen retweeted
⚠️ Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch Source: cybersecuritynews.com/micros… Microsoft Edge decrypts every stored password into process memory the moment the browser launches and keeps them there as cleartext, regardless of whether the user ever visits those sites. A researcher who systematically tested every major Chromium-based browser for credential memory handling behavior. Edge was the only browser that exhibited this behavior, loading the entire password vault into plaintext process memory at startup and retaining it for the duration of the session. In a published proof-of-concept video accompanying the disclosure, a compromised administrator account was used to successfully extract stored credentials. #cybersecuritynews
Fredrik L. Andersen retweeted
❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's response when reported: "by design." All of them. Including credentials for sites you won't open this session. Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way. Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them. In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful. What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext. In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running. Microsoft's official response when notified: "by design." The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.
Replying to @L1v1ng0ffTh3L4N
about how they manage credentials. Last Wednesday (April 29th) I disclosed this on BigBiteOfTech by @PaloAltoNtwks Norway, and showed a simple, educational tool, that I will be releasing on GitHub to help people easily see that the passwords are stored in cleartext in memory.
Fredrik L. Andersen retweeted
Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.