@hulu @netflix @Spotify You don’t know what to do. You don’t know what to eat. You trust the opinion of strangers, but you don’t want to talk to them. With V10, your Tesla can direct you to the nearest highly rated places and the best food. You just need to say whether you’re feeling 🍀 or 😋.

@DisneyPlus @hulu The National Geographic 33—inspired by our 33 founders—is an initiative honoring changemakers who are rising to meet the most critical challenges of our time, making meaningful progress and incredible breakthroughs

🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown:

New episode lands on @hulu tonight at 9pm pst/midnight est 🤍 And for all our international fans the episode goes live at midnight est so check your app! @kardashianshulu @hulu #TheKardashians#

🚨 SlowMist TI Alert 🚨 The Shai-Hulud malware has resurfaced via the npm account atool(i@hust.cc), with over 600 malicious versions published. Notably, high-download packages such as size-sensor@1.1.4 (4.2M dl/mo), echarts-for-react@3.1.7 (3.8M dl/mo), and @antv/scale@0.6.2 (2.2M dl/mo) are at elevated risk. The attack carries risks: 1. AI agent hijacking: Claude Code, Codex, and VS Code tasks can trigger a Bun bootstrapper that re-executes the malicious payload. 2. Credential harvesting: The malware collects credentials from cloud services, GitHub, npm, local environments, and CI/CD pipelines. Using ^ to specify version ranges may cause npm to automatically install versions that have been compromised or contain security risks. Detection & Mitigation Measures: • Audit dependencies for any package published by atool (i@hust.cc) and check for suspicious preinstall scripts • Remove compromised packages and rotate all exposed credentials • Inspect CI/CD pipelines and local Node.js projects for malicious hooks or workflows • Revert to safe package versions or known-good dependencies ⚠️ Critical Action: Treat any system with affected packages as potentially compromised. Apply mitigation steps immediately.