Adam Baldwin
LightNews LightNews
banner
evilpacket.net
Adam Baldwin
@evilpacket.net
950 followers 610 following 520 posts
Hacker / Farmer / Builder / Breaker

Prev: Code4rena, Okta, Auth0, GitHub, npm, ^lift, &yet, Symantec.

Pioneered BlindXSS & DVCS Pillaging

npm audit is my fault. More info: https://evilpacket.net
Posts Replies Media Videos
Pinned
evilpacket.net
Adam Baldwin @evilpacket.net · Jan 27
Disobey.
Reposted by Adam Baldwin
securitylab.github.com
🚀 GitHub is making Actions more secure by default

We recently announced upcoming changes to the pull_request_target event and environment protection rules to make GitHub Actions more secure by default.

We’ve opened a discussion to gather feedback 👇

🔗 github.com/orgs/communi...
Towards a secure by default GitHub Actions · community · Discussion #179107
Why are you starting this discussion? Product Feedback What GitHub Actions topic or product is this about? Workflow Configuration Discussion Details Today, GitHub announced upcoming changes to the ...
github.com
November 11, 2025 at 6:38 PM
evilpacket.net
Half the metal🤘🏻 is up. It’s slow moving today. Let’s hope we can get the other side done in a couple hours before dark 😅
November 9, 2025 at 10:46 PM
evilpacket.net
Pro tip. Don’t fall off a ladder alone in the woods. Did that yesterday about 6 feet up. Missed the stump that tried to skewer me but my head hit the air compressor on the way down & then the ladder / nail gun fell on me. I got super lucky I only have minor injuries. Stay safe! ❤️
Chicken coop roof rafters about 7 feet up
November 9, 2025 at 4:38 PM
Reposted by Adam Baldwin
lukekarrys.com
reminder that i'm matching all donations to any local food bank or panty (or hungry person's venmo, whatever) for my upcoming #cranksgiving ride

i hope SNAP gets fully funded this month but we need to feed our neighbors however we can ❤️
lukekarrys.com luke karrys @lukekarrys.com · 12d
last year for #cranksgiving i bought and hauled 208lbs of food to the Tempe Community Action Agency Food Panty.

this year i have plans to add a trailer and get over 300lbs.
lukekarrys.com luke karrys @lukekarrys.com · Nov 16
final weigh in: 208lbs!
November 6, 2025 at 9:29 PM
Reposted by Adam Baldwin
harisec.bsky.social
I generated 20k vibe-coded web applications using various models via the OpenRouter API and analyzed them for security issues.
The apps are available for download if anyone wants to take a look.
www.invicti.com/blog/securit...
Security Issues in Vibe-Coded Web Apps: Analysis, Vulnerabilities, Scanning
Learn about common security issues in AI-generated software, based on an analysis of over 20,000 vibe-coded web apps.
www.invicti.com
November 6, 2025 at 7:28 AM
evilpacket.net
More info. I'll put up a blog post when I have time. bsky.app/profile/did:...
evilpacket.net Adam Baldwin @evilpacket.net · 12d
Socket paid me $50 for a bug in Socket Firewall (sfw), well $48.50 after PayPal kicked me in the shins and took my lunch money. I'll write up some details tomorrow.
Socket Inc sent you $50.00 USD
October 31, 2025 at 5:29 PM
evilpacket.net
ACE in the .swf.config hole

As everyone here already knows the software supply chain is an absolutely tire fire so companies like Socket and others build a corpus of signals and tooling that can use at various stages of the SDLC to help fight the bs that's been going on for far too long.
an illustration of a dumpster with a fire coming out of the top
Alt: an illustration of a dumpster with a fire coming out of the top representative of the software supply chain.
media.tenor.com
October 31, 2025 at 5:24 PM
evilpacket.net
Socket paid me $50 for a bug in Socket Firewall (sfw), well $48.50 after PayPal kicked me in the shins and took my lunch money. I'll write up some details tomorrow.
Socket Inc sent you $50.00 USD
October 31, 2025 at 6:12 AM
Reposted by Adam Baldwin
python.org
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵
The official home of the Python Programming Language
www.python.org
October 27, 2025 at 2:47 PM
evilpacket.net
Productivity pro tip. Leave your phone laying outside in the yard all day.
October 28, 2025 at 12:21 AM
evilpacket.net
Didn’t need that part of my glasses anyway.
October 26, 2025 at 8:05 PM
Reposted by Adam Baldwin
josephcox.bsky.social
New: a $60 mod to Meta's Ray-Ban glasses disables the privacy LED light. This is supposed to light when people are filming with the glasses. We bought the mod, verified it works. Now you can never be sure whether someone wearing Meta Ray-Bans is filming you or not
www.404media.co/how-to-disab...
A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light
Meta’s Ray-Ban glasses usually include an LED that lights up when the user is recording other people. One hobbyist is charging a small fee to disable that light, and has a growing list of customers ar...
www.404media.co
October 23, 2025 at 1:01 PM
evilpacket.net
So tired of hearing

"You're absolutely right to question that!"
October 23, 2025 at 9:22 PM
evilpacket.net
Fun ways I've found to tell my llm to "continue" today.

Giddyup
let's fuck it up fam
October 22, 2025 at 10:55 PM
evilpacket.net
BINGO! I found the smoking gun!

and other llm favorites.
October 22, 2025 at 10:52 PM
evilpacket.net
Ive been struggling for focus lately. Took a slow day by the fire yesterday and got a decent amount done. Going to try that again. No urgency just progress.
October 22, 2025 at 3:31 PM
Reposted by Adam Baldwin
secure-ics-ot.bsky.social
October 21, 2025 at 12:39 AM
Reposted by Adam Baldwin
kjephd.bsky.social
Whoa. Chicago mayor calls for a general strike; now we're talking

www.huffpost.com/entry/chicag...
Chicago Mayor Issues Defiant Call For A General Strike
It was an audacious proposal, given that the U.S. has never held a true, nationwide general strike.
www.huffpost.com
October 19, 2025 at 11:27 PM
Reposted by Adam Baldwin
eljefe.social
hey protesters, Remember one thing this weekend:

The cops are NOT on your side.
October 17, 2025 at 4:29 PM
Reposted by Adam Baldwin
josephcox.bsky.social
New: hackers just doxed hundreds of DHS, ICE, FBI, and DOJ officials. I went through the data. In many cases does look legitimate, sometimes includes residential addresses.

“Mexican Cartels hmu [hit me up] we dropping all the doxes wheres my 1m [1 million].”

www.404media.co/hackers-dox-...
Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
Scattered LAPSUS$ Hunters—one of the latest amalgamations of typically young, reckless, and English-speaking hackers—posted the apparent phone numbers and addresses of hundreds of government officials...
www.404media.co
October 17, 2025 at 2:36 AM
Reposted by Adam Baldwin
neolithicsheep.bsky.social
Don't photograph anyone else at a protest either.
johnathanperk.bsky.social Johnathan @johnathanperk.bsky.social · 26d
ProTip. Don’t photograph yourself at a protest.
piperformissouri.bsky.social Jess Piper @piperformissouri.bsky.social · 27d
Take a picture of yourself at the No Kings rally.

Print it.

Put it in a frame.

Your grandchildren will speak about you for generations to come. You took a stand against fascism. You stood up for democracy. 
October 17, 2025 at 12:53 AM
Reposted by Adam Baldwin
krassenstein.bsky.social
This is great
October 13, 2025 at 5:38 PM
evilpacket.net
If somebody says “ah shit” and then pauses my brain immediately busts out “I got a head rush”
October 15, 2025 at 12:51 AM
evilpacket.net
npm install totallynotavirustrustmeimadolphin
asrivkin.bsky.social Andy Rivkin @asrivkin.bsky.social · Oct 12
In honor of spooky month, share a 4 word horror story that only someone in your profession would understand.

Visit Planner timed out.
barbylon.bsky.social barbylon @barbylon.bsky.social · Oct 12
In honor of spooky month, share a 4 word horror story that only someone in your profession would understand.

The valve stuck open.
October 12, 2025 at 7:52 PM
Reposted by Adam Baldwin
beny23.github.io
Nice GitHub vuln via copilot. Good thing copilot isn’t being stuffed into everything. www.legitsecurity.com/blog/camolea...
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
www.legitsecurity.com
October 12, 2025 at 3:14 PM