Decided to create the second account for just cosplays and SFW works (mb with just a little fan service 🌚)! Feel free to follow this page too! #seraphine# #seraphinecosplay# #leagueoflegends# #leagueoflegendscosplay# #kda# #kdacosplay# #kdamore# #stylemore#

We’ve published a technical report evaluating a post-quantum cryptography migration path for BSC. The report covers: • ML-DSA-44 transaction signatures • pqSTARK validator aggregation • Type 0x05 transaction format • Public key storage and verification flow • Cross-region performance benchmarks Benchmark highlights: • Tx size: 110 B → ~2.5 KB • Block size: ~110 KB → ~2 MB • Native transfer TPS: 4,973 → 2,997 One notable result: The primary bottleneck was not signature verification performance, but block byte size and cross-region propagation overhead. Read the full report 👇

🚨 The popular PyPI package lightning has been compromised in a supply chain attack. Socket detected malicious code in versions 2.6.2 and 2.6.3 that executes automatically on import, downloads Bun, and runs an 11 MB obfuscated JavaScript payload designed to steal credentials. This appears to be connected to yesterday's mini Shai-Hulud attack, but we're still investigating. #Python#

🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown:

1d 13h 20m, 3,596,831 tokens. Goal achieved? Not quite. It was a hard problem. The agent tried its best and went through 20 full model/eval rounds. In the end, the agent talked itself out of the original contract and declared the goal achieved. I probably would have stopped it anyway, since I could also see from the sidecar that it was struggling. Still, it was a good experiment. My 14" MacBook Pro held up well under a sustained run, with no throttling or heating issue. Qwen3.6 35B A3B OptiQ 4-bit running locally on MLX also held up well. It generated thousands of training data samples, averaging around 50 tps with reasonably good quality. Very impressive. DeepSeek 4 Pro was a good teacher for the training, though there are still areas for improvement. The end result: we LoRAed an expert model, Qwen3-4B-Instruct-2507 + MLX LoRA. We produced a compact 56 MB LoRA adapter on a 4B Qwen base that reaches ~59% three-way decision agreement on the original eval slice, ~91% violation recall, and ~98% valid JSON, but with a high false-positive rate. It is deployable, but probably not quite usable yet. Still, it gives me a clear direction for where to go next. I’ll write more about the whole process later. Stay tuned.

🚨 ACTIVE INCIDENT: The Mini Shai-Hulud worm is back, and it just compromised dozens of official @tanstack npm packages This is the first documented self-spreading npm worm that carries valid SLSA provenance attestations. Let that sink in. Our OSS Package Security Feed detected the compromised releases and we're tracking the spread in real time. Here's what happened: The attacker staged an obfuscated 2.3 MB credential-stealing payload in a fork of TanStack/router, then used hijacked OIDC tokens to publish malicious versions through TanStack's own legitimate GitHub Actions release pipeline. The compromised packages include @tanstack/react-router, @tanstack/router-core, @tanstack/react-start, and 40+ other packages. Millions of weekly downloads across the ecosystem. If you installed any affected version in CI, assume all secrets in that environment are compromised. Rotate tokens immediately. Full technical analysis, IOCs, compromised version list, and recovery steps on our blog. The list of affected packages is still growing.