Search results for 317-2024大感謝祭-』
Tweets including 317-2024大感謝祭-』
Year 4 in the 317 for Aaron Nesmith 💙💛
“Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised” I think I’m going to drop NPM from my host and just shove everything into VMs. This ain’t getting better any time soon.
It’s our day Indy 🗣️ Happy 317 Day 🎉
🚨 MistEye TI Alert 🚨
Based on recent intelligence, multiple high-frequency npm packages, including AntV and Echarts-for-react, as well as the durabletask Python SDK, have been compromised by Mini Shai-Hulud supply chain attacks. Notably:
1. May 19, 2026: The npm account atool (i@hust.cc) was compromised, allowing attackers to automatically publish 637 malicious versions across 317 packages within 22 minutes.
2. May 20, 2026 (Beijing Time): Within 35 minutes, attackers consecutively uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 at 00:19, 00:49, and 00:54, bypassing normal release controls and impersonating official Microsoft releases.
Additionally, these two events—the large-scale GitHub token leaks (potentially exposing official repositories) and the Grafana Labs targeted ransom attack—are likely related to the Mini Shai-Hulud supply chain compromise:
• GitHub token leaks: Evidence suggests some leaked tokens may have been used to access and potentially sell official GitHub repositories. The leaks were caused by a compromised employee device, which involved a polluted VS Code extension.
• Grafana Labs attack (May 16, 2026): A cybercrime group gained unauthorized access to their GitHub repositories, downloaded the codebase, and issued a ransom demand under threat of data disclosure.
Affected Components / Targets:
• npm packages: AntV, Echarts-for-react, and other high-frequency components in the npm ecosystem.
• Python packages: durabletask 1.4.1, 1.4.2, 1.4.3.
• Developer credentials and secrets: GitHub PATs, npm Tokens, AWS Keys, Kubernetes Secrets, Vault Tokens, SSH keys, and over 90 types of local sensitive files.
• GitHub repositories: internal codebases potentially accessible via leaked tokens.
• Grafana Labs’ repositories (downloaded by attackers; ransom demanded).
Potential Attacker Actions:
• Immediate exfiltration of cloud and local credentials upon package installation or import.
• Unauthorized access to internal repositories and sensitive cloud infrastructure.
• Lateral movement across developer machines, CI/CD pipelines, and cloud workloads.
• Sale and exploitation of leaked GitHub tokens.
• Supply chain compromise affecting dependent projects and production systems.
• Ransom demands and potential data disclosure threats against organizations, including open source platforms.
Detection Methods:
• Audit npm and PyPI dependencies for affected packages:
  • npm: npm ls --all
  • Python: pip list --outdated or pip show durabletask to confirm versions.
• Inspect lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pipfile.lock) for malicious versions.
• Review CI/CD pipelines and deployment logs for installation of compromised packages.
• Monitor GitHub and cloud activity for unusual authentication events, including signs of leaked token usage.
Mitigation Measures:
• Immediately rotate all exposed GitHub, npm, PyPI, and cloud credentials.
• Replace affected npm/PyPI packages with verified safe versions or freeze dependency versions.
• Isolate potentially compromised systems and audit for credential theft or lateral movement.
• Apply security patches and review post-compromise artifacts in CI/CD pipelines.
Additional Recommendations:
• Enable real-time monitoring and alerting for suspicious token or key usage.
• Implement stricter dependency review policies and supply chain risk checks.
• Educate teams to verify package authenticity before installation.
• Monitor dark web or underground marketplaces for leaked credentials related to your organization.
SlowMist will continue to track and monitor developments related to this incident, including potential new malicious releases or related exploits. MistEye has already pushed relevant threat intelligence to clients to help them proactively assess and mitigate risks.
Double squirt on 3:17 💦 don't miss it daddy
*GERMAN 10-YEAR BUND YIELD RISES TO 3.17%, HIGHEST SINCE 2011 🇩🇪 🇩🇪
Interviewer: CPU usage jumps to 100% every night at 3:17 AM. No cron jobs, deployments or traffic spike. What are you checking first? Me: My bank account to see if the last month's salary was credited and My LinkedIn to see who's hiring, then I'm on sick leave for next 1 year.
CHUNG HA’s #EENIE_MEENIE# Listening Party Schedule 🔴LIVE WITH CHUNG HA 📅 3/13 11:30 PM KST 📅 3/16 5 PM KST 📅 3/17 5:30 PM KST 🎙️ 💜 * @stationhead log-in & Connect to Spotify or Apple Music account required #CHUNGHA# #청하# #MOREVISION# #모어비전#
HERE IS EVERY TRADE THAT 🇺🇸 PRESIDENT TRUMP MADE DURING Q1 THAT WAS WORTH MORE THAN $1 MILLION 36 separate purchases between January and March 2026, all at the $1M to $5M range. The full breakdown: AI and Big Tech: - NVIDIA $NVDA (2/10/2026) - Apple $AAPL (3/2/2026) - Microsoft $MSFT (3/19/2026) - Amazon $AMZN (3/19/2026) - Oracle $ORCL (3/17/2026) - Broadcom $AVGO (2/10/2026) - Adobe $ADBE (2/10/2026) - ServiceNow $NOW (2/10/2026) - Workday $WDAY (2/10/2026) - Synopsys $SNPS (2/10/2026) - Cadence Design $CDNS (3/17/2026) - CDW $CDW (2/10/2026) - Comcast $CMCSA (1/12/2026) - PTC $PTC (2/10/2026) - Texas Instruments $TXN (1/12/2026) - Motorola Solutions $MSI (2/10/2026) - Fidelity National Information Services $FIS (1/12/2026) Industrials and Defense: - Boeing $BA (2/10/2026) - Eaton $ETN (3/17/2026) - Trane Technologies $TT (3/17/2026) - TransDigm Group $TDG (2/10/2026) Consumer and Other: - Procter & Gamble $PG (1/12/2026) - Costco $COST (2/10/2026) - Uber $UBER (3/17/2026) - Dell Technologies $DELL (2/10/2026) - Jabil $JBL (2/10/2026) - Axon Enterprise $AXON (2/10/2026) - Kura Sushi $KRUS (2/2/2026) ETFs and Funds: - Vanguard S&P 500 ETF $VOO (purchases on 3/2/2026 and 2/13/2026) - iShares Russell 1000 ETF $IWB (3/27/2026) - Invesco S&P 500 Equal Weight ETF $RSP (2/20/2026) - State Street Industrial Select Sector SPDR ETF $XLI (1/29/2026) - iShares GSCI Commodity Dynamic Roll Strategy ETF $COMT (3/5/2026) - iShares Core MSCI Emerging Markets ETF $IEMG (1/29/2026) - Schwab Government Money Fund (3/17/2026) Important context per the OGE form: - The 278-T discloses transactions over $1,000 on behalf of the filer, spouse, or dependent child - Many entries are flagged "Discretion Exercised" or "Your Broker Acted As Agent," indicating a managed brokerage account placed the trades - All amounts are disclosed in ranges, not exact figures - The disclosure also separately includes large sales (Meta, Amazon, Microsoft, Netflix, Palantir all sold at significant size on 2/10)
Carl Friedrich Gauss (1777–1855) derived the exact value of cos(2π/17). This remarkable expression was part of his proof that a regular 17-gon is constructible with compass and straightedge; one of the great achievements in the history of mathematics.
cos(2π/17) = [-1 + √17 + √(34 - 2√17) + 2√(17 + 3√17 - √(34 - 2√17) - 2√(34 + 2√17))] / 16