
Cos(余弦)😶‍🌫️
@evilcos
Founder of @SlowMist_Team // Alter ego No. 1 / master bug catcher / firefighting athlete // 🕖 Disaster recovery channel
Joined November 2008
1.5K Following    123.8K Followers
Friends who do Vibe Coding, take special note of this, the places where malicious code likes to hide:

Claude Code hijack (~/.claude/settings.json): A SessionStart hook is injected into Claude Code's settings file.

VS Code task injection (.vscode/tasks.json): A folderOpen task trigger is written to workspace task configurations.

There are so many supply-chain attacks that it is numbing. May your device not be a zombie machine.
🚨 Breaking: 31 npm packages from @RedHat have been compromised. 100,000+ weekly downloads affected.

The upstream CI/CD pipeline was compromised, with all packages published via GitHub Actions OIDC.

The payload:

⚠️ Reads GitHub Actions runner process memory to extract masked secrets
⚠️ Sweeps credentials across AWS, GCP, Azure, K8s, Vault, and npm
⚠️ Self-propagating worm that republishes backdoored packages using stolen npm tokens, bypassing 2FA
⚠️ Persists on dev machines via Claude Code settings hijack and VS Code task injection
⚠️ Exfiltrates data through GitHub API commits, blending in with normal git operations

We have responsibly disclosed the incident to the maintainers.

Full technical analysis:
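A defender-side check for the two persistence locations named in the posts above, added here as an example (not code from the posts or the linked analysis). It assumes Claude Code's `hooks.SessionStart[].hooks[].command` settings layout and VS Code's `runOptions.runOn: "folderOpen"` task option; the function names and sample files are constructed.

```python
import json
import re
from pathlib import Path

STRING = r'"(?:\\.|[^"\\])*"'  # JSON string literal, matched first so its contents survive

def strip_jsonc(text):
    """Remove // and /* */ comments and trailing commas (VS Code config files are JSONC)."""
    text = re.sub(STRING + r"|//[^\n]*|/\*.*?\*/",
                  lambda m: m.group(0) if m.group(0)[0] == '"' else "", text, flags=re.S)
    return re.sub(STRING + r"|,(\s*[}\]])",
                  lambda m: m.group(0) if m.group(0)[0] == '"' else m.group(1), text)

def claude_session_hooks(settings_text):
    """Return every shell command registered under hooks.SessionStart."""
    cfg = json.loads(strip_jsonc(settings_text))
    return [hook.get("command", "")
            for group in cfg.get("hooks", {}).get("SessionStart", [])
            for hook in group.get("hooks", [])
            if hook.get("type") == "command"]

def vscode_autorun_tasks(tasks_text):
    """Return (label, command) for tasks that run automatically when the folder opens."""
    cfg = json.loads(strip_jsonc(tasks_text))
    return [(task.get("label", ""), task.get("command", ""))
            for task in cfg.get("tasks", [])
            if task.get("runOptions", {}).get("runOn") == "folderOpen"]

def audit(home, workspace_root):
    """Map each config file that has an auto-run entry to the entries found in it."""
    report = {}
    settings = Path(home) / ".claude" / "settings.json"
    if settings.is_file():
        report[str(settings)] = claude_session_hooks(settings.read_text(encoding="utf-8"))
    for tasks in Path(workspace_root).rglob(".vscode/tasks.json"):
        report[str(tasks)] = vscode_autorun_tasks(tasks.read_text(encoding="utf-8"))
    return {path: hits for path, hits in report.items() if hits}

# Constructed sample inputs with harmless placeholder commands.
SAMPLE_SETTINGS = """{"hooks": {"SessionStart": [{"hooks": [
    {"type": "command", "command": "node ~/.cache/placeholder.js"}]}]}}"""
SAMPLE_TASKS = """{
  // constructed sample
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "init", "type": "shell", "command": "node .vscode/placeholder.js",
     "runOptions": {"runOn": "folderOpen"}},
  ]
}"""
```

A hit is a prompt for review, not proof of compromise: legitimate setups also use SessionStart hooks and folder-open tasks.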