6mile
@6mile.githax.com
210 followers 510 following 56 posts
Software Supply Chain Red Team. SourceCodeRED & SecureStack founder, dad, startup OG, snowboarder and hacker. Workin on GitHax tool in my spare time. github.com/6mile @eastsidemccarty from the bird site.
6mile.githax.com
Want to sniff out private bug bounty programs? If you monitor OSV for new malicious packages, you'll get some great intel. Today's example: @npmjs.bsky.social user Paastha published 6 packages targeting @vercel.com. But wait, they don't have a BB program?! Or do they.... 😮💥
6mile.githax.com
Tell me that @v0.dev has a bug bounty program without telling me they have a bug bounty program.
#dependencyconfusion #maliciouspackage
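The two posts above describe a recurring pattern: a cluster of malicious packages carrying one company's npm scope or name prefix shows up in OSV, which tells you that someone is running dependency-confusion probes against that company, usually for a private bug bounty. The script below is an added illustration of that triage step, not 6mile's tooling or anything from OSV. The advisory records are constructed to match the OSV JSON schema (https://ossf.github.io/osv-schema/) and are not real MAL IDs, packages or vendors; in practice the MAL-* entries would be pulled from api.osv.dev or the OpenSSF malicious-packages repository.

```python
"""Triage newly published OSV malicious-package advisories (MAL-* IDs) by the
organisation their package names look aimed at: several packages carrying one
vendor's scope or prefix in a short window is the signal the posts describe.

Added illustration, not 6mile's or OSV's tooling. The records below are
constructed to match the OSV JSON schema and are not real advisories.
"""
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed OSV records, one JSON document per line (not real MAL IDs or packages).
SAMPLE_OSV = """\
{"id":"MAL-0000-0001","modified":"2025-03-02T10:00:00Z","summary":"Malicious code in @acme-corp/build-tools (npm)","affected":[{"package":{"ecosystem":"npm","name":"@acme-corp/build-tools"},"versions":["1.0.0"]}]}
{"id":"MAL-0000-0002","modified":"2025-03-02T10:05:00Z","summary":"Malicious code in @acme-corp/deploy-hooks (npm)","affected":[{"package":{"ecosystem":"npm","name":"@acme-corp/deploy-hooks"},"versions":["0.0.1"]}]}
{"id":"MAL-0000-0003","modified":"2025-03-02T10:07:00Z","summary":"Malicious code in acme-internal-auth (npm)","affected":[{"package":{"ecosystem":"npm","name":"acme-internal-auth"},"versions":["9.9.9"]}]}
{"id":"MAL-0000-0004","modified":"2025-03-03T00:00:00Z","summary":"Malicious code in widgetco-telemetry (PyPI)","affected":[{"package":{"ecosystem":"PyPI","name":"widgetco-telemetry"},"versions":["1.0"]}]}
{"id":"MAL-0000-0005","modified":"2024-12-01T00:00:00Z","summary":"Malicious code in @acme-corp/legacy-cli (npm)","affected":[{"package":{"ecosystem":"npm","name":"@acme-corp/legacy-cli"},"versions":["2.0.0"]}]}
"""

_NPM_SCOPE = re.compile(r"^@([a-z0-9][a-z0-9._-]*)/")
_LEADING_TOKEN = re.compile(r"^([a-z0-9]+)[-_.]")


def candidate_target(ecosystem, name):
    """Guess which organisation a package name is impersonating.

    An npm scope (@org/pkg) is the strongest signal, since a scope normally
    belongs to one org. Otherwise fall back to the leading token of a
    hyphenated name (vendor-something). Returns None when nothing matches.
    """
    name = name.lower()
    if ecosystem == "npm":
        m = _NPM_SCOPE.match(name)
        if m:
            return m.group(1)
    m = _LEADING_TOKEN.match(name)
    return m.group(1) if m else None


def parse_osv_time(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def triage(osv_jsonl, since, min_cluster=2):
    """Group MAL-* advisories modified at or after `since` by inferred target.

    Only targets with at least `min_cluster` distinct packages are returned:
    one package is noise, several against one vendor in one poll is a campaign
    (or a bounty hunter who knows about a private program).
    """
    since_dt = parse_osv_time(since)
    by_target = defaultdict(set)
    for line in osv_jsonl.splitlines():
        if not line.strip():
            continue
        adv = json.loads(line)
        if not adv.get("id", "").startswith("MAL-"):
            continue  # only malicious-package advisories, not CVE-style ones
        if parse_osv_time(adv["modified"]) < since_dt:
            continue  # already handled by an earlier poll (watermark)
        for aff in adv.get("affected", []):
            pkg = aff.get("package", {})
            eco, name = pkg.get("ecosystem"), pkg.get("name")
            if not (eco and name):
                continue
            target = candidate_target(eco, name)
            if target:
                by_target[target].add((adv["id"], eco, name))
    return {t: sorted(v) for t, v in by_target.items() if len(v) >= min_cluster}


if __name__ == "__main__":
    for target, pkgs in triage(SAMPLE_OSV, "2025-01-01T00:00:00Z").items():
        print(f"{target}: {len(pkgs)} malicious packages since watermark")
        for adv_id, eco, name in pkgs:
            print(f"  {adv_id}  {eco}:{name}")
```

Run it on a daily poll with `since` set to the previous run's timestamp; the scope heuristic is deliberately conservative, and unscoped prefixes (the `acme-` case) only surface if you lower `min_cluster` or merge them with the scoped hits by hand.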
6mile.githax.com
Heya homie, that ain't gonna work.
6mile.githax.com
Yes, thanks for following up.
6mile.githax.com
I need to talk to someone in the @reversinglabs.com detection team.
Anyone in my network got an intro?
6mile.githax.com
I gave a talk at the FIRST CTI conference in Berlin earlier this year. Here's my presentation in its entirety.
www.youtube.com/live/j23OubE...
6mile.githax.com
Thanks mate! Great post pulling the thread.
6mile.githax.com
Impressed with the Tenable One CSPM demo at the #Tenable #BlackHat booth. Blends vulnerability scanning with cloud security + ASPM features via IaC scanning and Git integrations. Worth checking if you're comparing cloud security solutions: bit.ly/4mbhg3e #BlackHat2025 #CloudSec
Tenable Cloud Security (CNAPP)
Reduce cloud risk and exposure from faulty configurations and entitlements with our cloud-native application protection platform (CNAPP), Tenable Cloud Security.
6mile.githax.com
See me at 11 am today on the #DEFCON Creator Stage 4 (room 228). I'm super excited for this, and a big "thank you!" to the #AdversaryVillage team!
#hackersummercamp @github.com
6mile.githax.com
Yeah mate, I'll be there all week.
6mile.githax.com
AI has written its first malicious package! I found an NPM package named @kodane/patch-manager that deploys a well-written persistent JavaScript crypto drainer.
Here's the thing: I'm pretty sure Claude wrote it!
Check out my post: getsafety.com/blog-posts/t...

@anthropic.com @npmjs.bsky.social
Threat actor uses AI to create a better crypto wallet drainer
Safety’s malicious package detection identified a malicious package that appears to have been written by Claude AI
6mile.githax.com
The apocalypse is upon us!
6mile.githax.com
I'm the first presentation for Adversary Village at @defcon.bsky.social. See me talk about open-source malware at 11 am on Saturday, August 9, in room 228 (creator stage 4)
6mile.githax.com
Heya @virginaustralia.bsky.social I just tried to buy tickets for $6903 as advertised, but turns out it's a bait & switch. Real price: $11,617. VA support blames it on "website latency" but that price still on site. Wonder what Australian ACCC will make of VA advertising fares that don't exist?
6mile.githax.com
You can't make this shit up! The NIST NVD database has been down all day, so no one can look up CVEs via NVD. @shodanhq.bsky.social reports that one of the two EC2 instances serving up the NVD website returns a "402 Payment Required".
Did DOGE dipshits break our national vulnerability database?!
6mile.githax.com
This might be an attempt to lock out the original developer, right? We see that quite often in IR when the bad guy deletes the original MFA device and adds a new one, effectively killing the legitimate user's access.
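The MFA swap described in the reply above (old device removed, new one enrolled minutes later) is easy to express as a detection over identity-provider audit logs. The block below is an added example, not the poster's IR tooling or any vendor's rule; the JSON-lines audit log is constructed for the example, using RFC 5737 documentation addresses, and the field names (`user`, `event`, `device`, `ip`) are assumptions you would map onto your own IdP's event schema.

```python
"""Detect an MFA device swap (remove a device, then enrol a new one on the same
account within a short window) and raise severity when it comes from an IP
that has no history for that user.

Added illustration, not the poster's IR tooling. The log format is constructed
for this example; map your IdP's audit events onto these fields.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

SWAP_WINDOW = timedelta(minutes=15)  # remove -> add gap that counts as a swap
IP_MATURITY = timedelta(hours=24)    # an IP first seen less than this ago is "new"

# Constructed audit log (JSON lines), not real data.
SAMPLE_LOG = """\
{"ts":"2025-02-03T09:00:00Z","user":"dev1","event":"login.success","ip":"203.0.113.10"}
{"ts":"2025-02-04T09:00:00Z","user":"dev1","event":"login.success","ip":"203.0.113.10"}
{"ts":"2025-02-10T21:00:00Z","user":"dev1","event":"login.success","ip":"198.51.100.7"}
{"ts":"2025-02-10T21:03:00Z","user":"dev1","event":"mfa.device.removed","device":"totp-1","ip":"198.51.100.7"}
{"ts":"2025-02-10T21:04:00Z","user":"dev1","event":"mfa.device.added","device":"totp-2","ip":"198.51.100.7"}
{"ts":"2025-02-03T10:00:00Z","user":"dev2","event":"login.success","ip":"203.0.113.22"}
{"ts":"2025-02-11T10:00:00Z","user":"dev2","event":"login.success","ip":"203.0.113.22"}
{"ts":"2025-02-11T10:05:00Z","user":"dev2","event":"mfa.device.removed","device":"totp-9","ip":"203.0.113.22"}
{"ts":"2025-02-11T10:06:00Z","user":"dev2","event":"mfa.device.added","device":"totp-10","ip":"203.0.113.22"}
{"ts":"2025-02-12T12:00:00Z","user":"dev3","event":"mfa.device.removed","device":"totp-5","ip":"203.0.113.30"}
{"ts":"2025-02-13T12:00:00Z","user":"dev3","event":"mfa.device.added","device":"totp-6","ip":"203.0.113.30"}
"""


def parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def load_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_mfa_swaps(events, window=SWAP_WINDOW, maturity=IP_MATURITY):
    """Return one alert per remove->add pair on the same user inside `window`.

    The IP baseline is built as the stream is replayed, so an attacker's own
    login minutes before the swap does not make their address "known":
    an IP only counts as known once it is older than `maturity`.
    """
    events = sorted(events, key=lambda e: e["ts"])  # ISO-8601 Z strings sort correctly
    first_seen = defaultdict(dict)  # user -> ip -> first timestamp observed
    pending = {}                    # user -> (last mfa.device.removed event, ip_is_new)
    alerts = []
    for ev in events:
        user, ip, t = ev["user"], ev["ip"], parse_ts(ev["ts"])
        first = first_seen[user].setdefault(ip, t)
        ip_is_new = (t - first) < maturity
        if ev["event"] == "mfa.device.removed":
            pending[user] = (ev, ip_is_new)
        elif ev["event"] == "mfa.device.added":
            removed = pending.pop(user, None)
            if removed is None:
                continue  # enrolment without a preceding removal: routine
            rem_ev, rem_ip_new = removed
            gap = t - parse_ts(rem_ev["ts"])
            if gap > window:
                continue  # too far apart to call it a swap
            novel = ip_is_new or rem_ip_new
            alerts.append({
                "user": user,
                "removed_device": rem_ev["device"],
                "added_device": ev["device"],
                "ip": ip,
                "seconds_between": int(gap.total_seconds()),
                "ip_is_new": novel,
                "severity": "high" if novel else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_swaps(load_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

In the constructed log, `dev1` is the lock-out case (swap from an address first seen four minutes earlier, severity high), `dev2` is a legitimate rotation from a long-known address (still worth a ticket, severity medium), and `dev3` removes a device one day before adding another, which falls outside the window and is not reported. A medium alert is still actionable: confirm the rotation with the user out of band before closing it.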
6mile.githax.com
Can you DM me the URL? I'll take a look at it and tell you what it's doing.
6mile.githax.com
I wrote a post about the 3 most common myths I run into when talking to developers or infosec teams about malicious packages. Devs aren't familiar with malicious packages & security teams assume that existing security tools will find malware (spoiler: they don't).
sourcecodered.com/three-myths-...
3 myths about npm based threats
npm-based threats are not well understood, so I wrote a blog post addressing the 3 most common "myths" that I see from engineering teams.
6mile.githax.com
I've identified an NPM package named "arcus-cmd-utils" that deploys a Chrome-based infostealer to infected computers. You can read my blog post complete with technical details and IOCs. @npmjs.bsky.social @github.com #softwaresupplychain #devsecops
sourcecodered.com/malicious-ar...
Malicious NPM package infects developers with new infostealer malware
A malicious package named arcus-cmd-utils, published to the npm registry on January 12, 2025, deploys a Windows-based infostealer.
6mile.githax.com
Oh wait, I thought you were talking about NPM