🚨 node-ipc is compromised again. Three new malicious versions just dropped: 9.1.6, 9.2.3, and 12.0.1. Socket’s AI scanner flagged them as malware within three minutes of publication. The attack vector: a dormant maintainer account (atiertant) was likely taken over via an expired email domain. The attacker registered the lapsed domain, triggered an npm password reset, and gained publish rights to a package with millions of historical downloads. The payload is a credential stealer embedded in the CommonJS entrypoint (node-ipc.cjs). It activates on require(“node-ipc”), not through a postinstall script. Here’s what it does: •Fingerprints the host (OS, arch, hostname, uname) •Harvests 113-127 credential file patterns depending on platform (AWS, GCP, Azure, SSH keys, Kubernetes configs, npm tokens, .env files, shell histories, macOS Keychain databases, and more) •Dumps the entire process.env, capturing every CI secret and cloud credential in memory •Builds a gzip archive in a temp directory •Exfiltrates everything over DNS TXT queries to bt[.]node[.]js, using a bootstrap resolver at sh[.]azurestaticprovider[.]net:443 (a deliberate lookalike of Microsoft’s Azure Static Web Apps domain) The DNS exfiltration is chunked. A 500 KB archive generates roughly 29,400 TXT queries. The body is XOR-encrypted with a SHA-256 keystream, base64-encoded, alphabet-substituted, and split into 31-character chunks before hex-encoding into DNS labels. Header, data, and footer queries use xh, xd, and xf prefixes respectively. The malware forks a detached child process (env var __ntw=1) so credential theft runs silently in the background. It also exposes a __ntRun export, meaning any downstream code that calls require(“node-ipc”).__ntRun() can trigger a second collection/exfiltration cycle. ESM-only consumers using the import path are not affected by the reviewed package metadata. CommonJS consumers are. This is the same package involved in the 2022 protestware incident. It has a history. If you use node-ipc: •Do not install 9.1.6, 9.2.3, or 12.0.1 •Audit your lockfiles for these versions •If you loaded the CommonJS entrypoint, treat all environment variables, SSH keys, cloud credentials, npm tokens, and local secrets as compromised. Rotate immediately. •Hunt for DNS TXT queries to bt[.]node[.]js and sh[.]azurestaticprovider[.]net in your network logs •Check for temp files matching /nt-/.tar.gz Credit to Ian Ahl (@TekDefense) for first publicly identifying the expired-domain account takeover vector. Developing story. Full technical breakdown and IOCs on the Socket blog:

🚨 BREAKING: node-ipc compromised. Again. Three malicious versions of node-ipc (9.1.6, 9.2.3, 12.0.1) were published today carrying an identical credential-stealing payload. This package has 10M+ weekly downloads. Here's what happened: An attacker injected an 80KB obfuscated IIFE into the CommonJS bundle. It fires on every require('node-ipc') call. No special config needed, just importing the package is enough. What it steals: → AWS, Azure, GCP credentials → SSH private keys → Kubernetes configs → Docker tokens → GitHub CLI tokens → AI tool configs (including Claude) → Terraform state → 90+ credential file patterns in total Everything gets gzipped and exfiltrated to an attacker-controlled domain (sh[.]azurestaticprovider[.]net) via DNS TXT queries and HTTPS POST, designed to look like normal traffic. The attacker published across two major version lines simultaneously (9.x and 12.x) to maximize blast radius. Semver ranges like ^9, ~9.1.x, ~9.2.x, ^12, and ~12.0 all resolve to compromised versions automatically on the next install or lockfile refresh. Key details: Only the CommonJS bundle (node-ipc.cjs) is affected. ESM imports are clean. The 9.x releases are fabricated. The 9.x line never shipped a .cjs bundle before this attack. This is a different actor from the 2022 peacenotwar incident. Purely financial, credential-theft motivation. If you installed any of these versions, assume all secrets on that machine are compromised. Rotate everything. Our full technical breakdown covers the attack chain stage by stage, IOCs, and how to check if you're affected:

🚨 SlowMist TI Alert 🚨 MistEye has received critical threat intelligence regarding an active supply chain attack compromising node-ipc, a foundational Node.js library. The malicious releases have been identified as versions 9.1.6, 9.2.3, and 12.0.1. Threat actors injected an obfuscated credential-stealing payload into the CommonJS bundle. Once loaded, it silently harvests over 90 categories of developer data—including AWS, Azure, GCP, SSH, K8s tokens, and Terraform states—and exfiltrates it to attacker-controlled infrastructure. We have synchronized this IOC with our clients immediately. Detection & Remediation: Please urgently audit your environments for exposure: • Dependencies: Run npm ls node-ipc --all to identify direct or transitive inclusions. • Lockfiles: Search package-lock.json, yarn.lock, or pnpm-lock.yaml for the affected version ranges. • CI/CD: Review pipeline jobs executed after May 14, 2026, that may have pulled loose semver updates (~9.1.x, ^12, etc.). ⚠️ Critical Action: If a compromised version was installed, assume certain compromise. Do not wait for exfiltration confirmation. Downgrade to a known safe version immediately and aggressively rotate all credentials, tokens, and environment secrets present on the affected machine or CI runner. As always, stay vigilant!

How far down are major cryptos from their ATHs 🔴 1. $BTC - 36.7% 2. $ETH - 54.1% 3. $BNB - 51.1% 4. $XRP - 60.7% 5. $SOL - 68.9% 6. $TRX - 18.6% Are you bullish on any of these reclaiming their ATH?

The CoinDesk 20 is currently trading at 2196.49, down 1.6% (-36.49) since 4 p.m. ET on Monday. Three of 20 assets are trading higher. Leaders: $CRO (+1.9%) and $BNB (+0.2%). Laggards: $SUI (-4.9%) and $TAO (-4.4%).

According to The Inquisitive Problem Solver, the only positive integer solution to: A × B × C = C × D × E = E × F × G is: 8 × 1 × 9 = 9 × 2 × 4 = 4 × 6 × 3, if we assume that each variable must be a single digit.

Smuggling AI servers into China didn’t change the downward trend in Super Micro’s gross margin Excerpt: "...servers sold for $510 million between late April 2025 and mid-May 2025..." Full article: At least ~10% of Super Micro’s 2Q CY2025 revenue was tied to servers reportedly smuggled into China. In theory, these should carry much higher margins, but gross margin still declined sharply to 9.6% (vs. 11.3% in 2Q CY2024). Two possibilities: 1. Margins in the legitimate business are simply too weak. This is consistent with my earlier view that AI server assembly margins are under pressure ( Super Micro’s structural disadvantages, including smaller scale and weaker execution, further amplify margin pressure. 2. Super Micro likely wasn’t the only one involved in smuggling. With alternatives available, buyer leverage increased, so margins on those sales were probably not as high as expected.

[📢] 𝗗-𝗟𝗜𝗧𝗘 𝗝𝗔𝗣𝗔𝗡 𝗟𝗜𝗩𝗘 𝗧𝗢𝗨𝗥 𝟮𝟬𝟮𝟰 - 𝗘𝗻𝗰𝗼𝗿𝗲- 𝗨𝗺𝗯𝗿𝗲𝗹𝗹𝗮 (傘) (𝗗’𝘀 𝗜𝗦 𝗠𝗘 𝗟𝗶𝗺𝗶𝘁𝗲𝗱 𝗘𝗱𝗶𝘁𝗶𝗼𝗻) 𝗢𝗡-𝗦𝗜𝗧𝗘 𝗦𝗔𝗟𝗘 𝗢𝗡𝗟𝗬 ⠀ ■詳細 1.OUT BOX (68x99mm) 2.IMAGE CARD (55x85mm) CARD (55x85mm / Random 1ea out of 2ea) PHOTO CARD (55x85mm) 5.SCRATCH CARD (85x55mm / Random 1ea out of 2ea) 6.LYRICS (255x165mm) ⠀ ■当日直接販売開始時間 ✔ 2024年11月30日(土) 東京・武蔵野の森総合スポーツプラザ メインアリーナ 会場前物販ブースにて　12:00～終演後まで ✔ 2024年12月1日(日)　 東京・武蔵野の森総合スポーツプラザ メインアリーナ 会場前物販ブースにて　11:00～終演後まで ✔ 2024年12月14日(土)　 兵庫・神戸ワールド記念ホール 会場前物販ブースにて　12:00～終演後まで ✔ 2024年12月15日(日)　 兵庫・神戸ワールド記念ホール 会場前物販ブースにて　11:00～終演後まで ⠀ ■PLVEアルバムの使い方 2.SNSアカウントで認証後、ログイン。 3.画面下部の「イメージボタン」をタップして、イメージカードをスキャン。 4.シリアルナンバーを登録。 5.アルバムをダウンロード。 ※一度登録したアルバムは、再登録不可になりますので、予めご了承ください。 ※2024年11月30日(土)19時以降にシリアルナンバーが記載されているイメージカードのスキャンが可能となります。 ※商品に不備がない限り、返品はご遠慮いただきますようお願いいたします。ご購入時に商品に不備がないか必ずご確認ください。 ⠀ ■PLVE販売 ※本商品は、各会場のグッズ販売所にて販売いたします。 ※音楽の視聴開始は、11月30日19時からとなります。 ※本商品は会場限定・数量限定での販売となります。 予めご了承ください。 ※当日の公演チケットをお持ちのお客様のみ、お一人様2点までご購入いただけます。 ※当日の状況により、販売時間が変更となる場合がございます。予めご了承ください。 ⠀ ■PLVEお問い合わせ ✔ アプリ内：設定ボタン（⚙️）>> 「1対1お問い合わせ」 ✔ メールアドレス：umkent@gadi.co.kr ⠀ #대성# #DAESUNG# #DLITE# #Ds_IS_ME# #Encore# #Live_tour#

Roll the highlights ⏪ Mal: 53 PTS (9 3PM) / 6 REB / 4 AST  Jok: 23 PTS / 21 REB / 19 AST / 1 STL P-Wat: 21 PTS / 4 REB / 3 AST  Cam: 12 PTS / 3 AST / 1 BLK CB: 11 PTS / 3 REB / 4 AST

Numbers from the win 📊 Mal: 37 PTS (10 3PM) / 5 REB / 5 AST / 1 STL / 2 BLK Cam: 19 PTS (3 3PM) / 9 REB / 6 AST / 2 STL CB: 18 PTS / 6 REB / 4 AST  Jok: 15 PTS / 17 REB / 12 AST  JV: 13 PTS / 6 REB / 1 BLK Bruce: 11 PTS / 3 REB / 4 STL / 1 BLK