Ilkka Turunen
@ilkka.turunen.dev
Field CTO @Sonatype, software supply chain and dependency management geek. Weekend hacker and synth butcherer

🇬🇧🇫🇮
Reposted by Ilkka Turunen
Our malware systems at Sonatype seem to be picking these up coming from other, not yet reported accounts. This attack seems to have landed more publishers as this unfolds. Check your accounts folks while we work with others to contain.
September 8, 2025 at 8:12 PM
Reposted by Ilkka Turunen
Yep, I've been pwned. 2FA reset email, looked very legitimate.

Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.

Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.
@bad-at-computer.bsky.social Hey. Your npm account seems to have been compromised. 1 hour ago it started posting packages with backdoors to all your popular packages.
September 8, 2025 at 3:15 PM
The web3.js compromise is a good example of legitimate library poisoning attacks. Sounds like a maintainer account was phished or an access token compromised. Basically any developer machine that installed this should be considered compromised github.com/solana-labs/...
Releases · solana-labs/solana-web3.js
Solana JavaScript SDK.
github.com
December 5, 2024 at 12:37 PM
These are going to be big changes in the way we all do our work
The milestones are now set: regulation will enter into force on 10 December 2024, and its main obligations will apply from 11 December 2027. Reporting obligations will apply from 11 September 2026.
November 20, 2024 at 10:46 AM
Reposted by Ilkka Turunen
The Cyber Resilience Act (aka CRA, aka Regulation (EU) 2024/2847) has been published in the Official Journal of the European Union eur-lex.europa.eu/legal-conten...
Regulation - 2024/2847 - EN - EUR-Lex
eur-lex.europa.eu
November 20, 2024 at 10:29 AM
Reposted by Ilkka Turunen
Hi everyone.

The Onion, with the help of the Sandy Hook families, has purchased InfoWars.

We are planning on making it a very funny, very stupid website.

We have retained the services of some Onion and Clickhole Hall of Famers to pull this off.

I can't wait to show you what we have cooked up.
The Onion Buys Alex Jones’s Infowars Out of Bankruptcy
The satirical news site planned to turn Infowars into a parody of itself, mocking “weird internet personalities” who peddle conspiracy theories and health supplements.
www.nytimes.com
November 14, 2024 at 2:09 PM
October 31, 2024 at 9:56 AM
So, lottie-player, a popular JS dep for playing videos, was taken over through compromised dev tokens github.com/LottieFiles/...
Malicious code in Lottie-Player CDN files · Issue #254 · LottieFiles/lottie-player
after i use https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js or https://cdn.jsdelivr.net/npm/@lottiefiles/lottie-player@2.0.5/dist/lottie-player.min.js This popup opens on ...
github.com
October 31, 2024 at 8:50 AM
I’m going to continue as I do on the other socials, posting what’s interesting to me. In this case that the SEC is going after companies that minimise cyber incidents, at least in the publicly traded realm. Not a huge hit to any one of them tho www.sec.gov/newsroom/pre...
SEC.gov | SEC Charges Four Companies With Misleading Cyber Disclosures
www.sec.gov
October 25, 2024 at 9:34 AM
As one of the authors of the report that is cited in the article - the vulnerability count is a yardstick of popularity of open source. Last year we reported that OSS projects are actually WAY better at applying & producing security patches vs closed source and industry
October 24, 2024 at 4:10 PM
I do have to admit the air is so much cleaner here compared to the toxic smog over at Xitter. So nice to see actual tech twitter again
October 24, 2024 at 3:47 PM
Reposted by Ilkka Turunen
I haven't been this excited about social media since 2011.
October 24, 2024 at 3:48 AM
There is a new 'Rapid Reset' vulnerability described by Cloudflare this week that affects the HTTP/2 protocol. This implementation of HTTP/2 is pretty widespread in different OSS libraries and embedded servers. Great writeup here blog.sonatype.com/10-open-sour...
October 12, 2023 at 3:16 PM
Huge news to share - we’re live with our 9th State of the Software Supply Chain report. 1 in 8 downloads contain some documented risk - and most of that could easily be avoided! Read the whole package here 👉 bit.ly/3LMRXo6
October 3, 2023 at 1:48 PM
Hello world. Is this the federated social media to rule them all then?
July 25, 2023 at 6:28 PM