Today is not a good day. Our dog needed a vet visit because he was weak and not eating. Turns out he had blood and fluid throughout his abdomen due to cancer. He was an amazing friend and family member, and tomorrow’s issue will be somber but commemorative with lots of pupper pics. Hug your dogs!
December 17, 2024 at 8:57 PM
If indeed the problem is pushing malicious code and publishing directly to PyPI itself, there's only one listed account owner (though there could be more): Glenn Jocher. Email listed directly on PyPI. If someone got access to this email, you could search for it inside infostealer or breach databases.
December 7, 2024 at 7:18 PM
Quick guarddog scan found the offending code on one of the malicious versions. Unremarkably, it's dropping cryptomining binaries for Linux and macOS. An OSV entry for ultralytics malware still hasn't made it to the main OSV database.
December 7, 2024 at 7:18 PM
Ultralytics, a Python package with close to 6.4 million downloads per month, was backdoored to run a cryptominer. Running theory from the reported GitHub issue is a GitHub action injection attack, but there's also evidence that the malicious code was published directly via PyPI and skipped CI/CD.
December 7, 2024 at 7:18 PM
New Datadog threat research just dropped! We found a cluster of activity publishing ~a ton~ of malicious packages across PyPI and npm. Leveraged GitHub to host two stealer binaries and exfiltrated data to Telegram. https://buff.ly/3Ol7bBu
November 22, 2024 at 7:28 PM
* Bastradamus 2-part series on creating a detection engineering lab
* Manuel Arrieta masterclass on hunting in VTI for malicious LNK files to detection opportunities
* JPCERT/CC's Shusei Tomonaga on Windows ETW internals
November 20, 2024 at 2:12 PM