This is an excellent summary of the US War on Iran current situation.
I'm an existentialist and borderline absurdist and even I struggle with the current moment.
This summary is just fantastic.
Posts by Paul
As someone deep into MCP (hello, I am one of the Core Maintainers of the protocol), what Kelsey alludes to here is 💯
MCP completely removes the need to care about underlying API shape. Intent is what matters in a universal adapter. Behind the scenes you can use SOAP/XML for all we care.
Running Docker Hub pulls at scale?
This post shows how to add a Sonatype-protected proxy to centralize policy checks, cache trusted images, and keep existing workflows intact.
Learn how → https://bit.ly/4jQBm2g
Framing bans as existential while treating sexual abuse as a regulatory detail is the real slippery slope. Why the digital exceptionalism - this would never be accepted in printed material. The harm was foreseeable, the safeguards were obvious, and limited action only came under pressure.
Comics peeps. I am finally clocking off from work tomorrow and doing my annual splurge on as many of the year's best titles as I can get my hands on. What've been your highlights of 2025? Ongoing weeklies, collected tpbs, one-off graphic novels, reissues, indies, whatever you've got.
Also in no particular order blogs that will keep you up-to-date with the latest supply chain attacks
socket.dev/blog
Version 1 of the OWASP AI testing guide just got published.
I promise you, from my own experience, this will save you a lot of heartache.
github.com/OWASP/www-pr...
Given the Shai-Hulud comeback (hello SHA1-HULUD)
It is quite timely to share my up-to-date repository of modern npm security best practices against supply chain malware attacks:
Shai-Hulud Returns: Over 300 NPM packages infected via fake Bun runtime within hours
helixguard.ai/blog/malicio...
Troy Parrott's 96th-minute winner keeps Ireland's World Cup hopes alive!
The 23-year-old's hat-trick earns his country victory and a spot in the play-offs, breaking Hungarian hearts in the process.
Remarkable scenes in Budapest.
GitHub is making Actions more secure by default
We recently announced upcoming changes to the pull_request_target event and environment protection rules to make GitHub Actions more secure by default.
We've opened a discussion to gather feedback:
github.com/orgs/communi...
The release candidate of the OWASP Top 10 2025 has been released
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
There are some really big caveats to this. A thread.
Just prompt it the way you like, e.g. with something like this: docs.vibe-coding-framework.com/document-tem...
🚨 Open source supply chain attacks are exploding.
Starting today, that ends.
We're releasing Socket Firewall - a FREE, zero-config CLI that blocks malware before it lands on your laptop or CI.
Just run:
npm i -g sfw
sfw npm install lodash
Works for: npm, yarn, pnpm, pip, uv, and cargo.
The press release is here: www.secretservice.gov/newsroom/rel...
Some images are below:
🚨 Update: The "Shai-Hulud" supply chain attack has expanded to nearly 500 trojanized npm packages, including several from CrowdStrike, all using the same malware first seen in Tinycolor.
Full details and package list: socket.dev/blog/ongoing... #NodeJS #JavaScript
#NPM: The popular @ctrl/tinycolor package with over 2mln weekly downloads has been compromised alongside 40+ other NPM packages (including CrowdStrike packages!) in a sophisticated supply chain attack:
#SoftwareSupplyChainSecurity
Hi everyone. The 'next day' busy-ness has fully set in.
Since I still haven't gotten any follow-up from npm regarding the account actions taken, and given that I have now been approached by authorities, I will need to hold off on the post-mortem for a day or two.
Sincerest apologies for the delay.
🚨 URGENT: A series of popular packages maintained by qix have just been compromised.
Compromised packages include:
• has-ansi - 12 million weekly downloads - v6.0.1
• supports-hyperlinks - 19m weekly downloads - v4.1.1
• chalk-template - 3.9m weekly downloads - v1.1.1