Peek-a-Byte!'s avatar
Peek-a-Byte!
npub1n35c...jq7t
Peek My IP – See your IP. Hide it. Stay private. #Privacy #Cybersecurity #HackingNews
Peek-a-Byte!'s avatar
peekmyip 5 hours ago
Stop callin' 'em data centers, they’re spy hubs settin' up a digital trap. image
Peek-a-Byte!'s avatar
peekmyip yesterday
Peep this ranked list of messengers by @The_HatedOne_ — which one's the most low-key private? Which one do you actually tap? #privacy
Peek-a-Byte!'s avatar
peekmyip 4 days ago
🚨 Tails users — patch to 7.8.1 NOW. Emergency update fixes a nasty Linux kernel hole and Tor client bugs that mess with anonymity/session isolation. image
Tails - Tails 7.8.1
Peek-a-Byte!'s avatar
peekmyip 5 days ago
Oh great, Huawei, the old “Chinese spyware” ... suddenly a model of virtue. image
Peek-a-Byte!'s avatar
peekmyip 6 days ago
Hackers aren't really the biggest #privacy problem—convenience is.
Peek-a-Byte!'s avatar
peekmyip 0 months ago
#ForzaHorizon6 leaked 10 days early and Microsoft is to blame Someone forgot to encrypt the preload on Steam The full game – all 155GB – is now freely available on piracy sites before a single paying customer has touched it This is the second time this year a AAA game leaked this way (Death Stranding 2 in March) FH6 doesn’t release until May 19 – pirates have a 10-day head start on buyers.
Peek-a-Byte!'s avatar
peekmyip 1 month ago
Yo — #Microsoft says this is “how it's supposed to work,” so here’s the scoop. Wanna grab every saved Edge login? Here’s the lazy route: 1. Pop open Edge — don’t even go anywhere. 2. Hit up Task Manager, find Edge, and blow it open. 3. Click the “browser” sub-task, right‑click it, and pick “Create Memory Dump.” 4. Open that dump and dig out the creds. If you’re logged into Windows, you can pull every Edge password with zero extra permissions. Translation: any sketchy program you run as that user can snag all those logins. Shoutout to Rob VandenBrink at SANS for the heads-up. https://isc.sans.edu/diary/32954
image image
Peek-a-Byte!'s avatar
peekmyip 1 month ago
LMFAO definitely do not do this 🤣image
Peek-a-Byte!'s avatar
peekmyip 2 months ago
Warning🚨 CPU-Z and HWMonitor websites have been hacked and are delivering malware downloads. Do not download CPU-Z or HWMonitor right now. Reports confirm the official CPUID website was compromised and some downloads were replaced with malware-infected installer files. If you downloaded or updated either app recently, run a full antivirus scan immediately.
image image
Peek-a-Byte!'s avatar
peekmyip 2 months ago
#Apple pulled a bunch of VPNs from Russia’s App Store so folks can’t dodge the censors. Yesterday Apple sneaked in an overnight UK update that shoved Age Verification down everyone’s throat. A closed-off orchard — all apples, no freedom. 🤦‍♂️
Peek-a-Byte!'s avatar
peekmyip 2 months ago
Your favorite AI apps probably run on a piece of software called LiteLLM. It gets downloaded 97 million times a month. Yesterday, someone poisoned it. Here's what happened. LiteLLM is like a universal adapter that lets companies plug into AI models like ChatGPT and Claude. If you've used any AI tool in the last year, there's a decent chance LiteLLM was running somewhere behind it. A hacking group called TeamPCP uploaded a fake update to the online store where developers download it. If anyone installed that update, the malware quietly scooped up every password, secret key, and login credential on their computer, packaged it, and sent it to the hackers. You didn't even need to download LiteLLM yourself. If you downloaded any app that uses LiteLLM in the background, the same thing. You got hit without knowing LiteLLM existed. The only reason anyone caught it is that the malware had a bug. One developer's computer ran out of memory and crashed. That crash is the only reason the attack got noticed. Without that bug, this could've run for weeks. But the scariest part is how the hackers got in. Five days before, TeamPCP broke into a security tool called Trivy. Trivy's job is literally to scan code and find weaknesses. They turned the guard dog into the burglar. Then they used stolen passwords from that hack to break into another security company. Then they used passwords from that hack to steal the login that lets someone publish new versions of LiteLLM, because LiteLLM used Trivy in its own security checks. The lock on the front door was the thing that was compromised. When developers tried to report the break-in on GitHub (where the code lives), the hackers used the stolen account to shut down the report. Then they flooded it with 88 fake comments from 73 hijacked accounts in 102 seconds to drown out anyone trying to warn people. In five days, TeamPCP broke into five different software platforms. Each break-in gave them the password to the next one. A domino chain. The poisoned update was live for about 3 hours before it got pulled. LiteLLM gets 3.4 million downloads per day. And TeamPCP posted on Telegram, saying more attacks on open-source tools are coming in the months ahead. The entry point was the security scanner that was supposed to keep LiteLLM safe. That's the part I keep coming back to.
X (formerly Twitter)
Andrej Karpathy (@karpathy) on X
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds,...