gossithedog@cyberplace.social
Posts
-
I’ll say the elephant in the room - due to the sheer amount of Salesforce customers who have been hit, and that Salesforce is a fully SaaS service - Salesforce should have detected and been more proactive about all of their customer’s data being stolen. https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
-
Pretty good example of why I think cybersecurity is getting worse, not better, in the trenches.
-
Jaguar Land Rover have contained their network and stopped production after what appears to be a ransomware incident.
JLR have started switching border routers back on (don't ask me why SNMP, NTP and SSH are internet facing).
-
Jaguar Land Rover have contained their network and stopped production after what appears to be a ransomware incident.
JLR are keeping car production closed until at least Monday. They also say “some data was impacted”, whatever that means.
https://www.liverpoolecho.co.uk/news/liverpool-news/jaguar-land-rover-issues-crisis-32447659
-
Apparently Microsoft don’t understand how the Fediverse works, and want me to delete the parody account @microsoft 🤣🫡
I didn’t know about @microsoft before and now I’m enjoying reading their prior toots and trying to decide which one pissed off an MS exec and caused the brand protection squad to arrive.
-
As a follow-up thread to this - if you use SAP Netweaver and present it directly to the internet, either patch CVE-2025-31324 or put a very robust mitigation in place in front of the SAP webapp.
Patching rate is still absolutely abysmal, the vast majority of orgs years behind any patching.
https://cyberplace.social/@GossiTheDog/115142288361584633
-
Jaguar Land Rover have contained their network and stopped production after what appears to be a ransomware incident.
Jaguar Land Rover car production is still shut down tomorrow, day 8. I’ve checked the network border, everything except one system in the UK is also still offline.
-
Apparently Microsoft don’t understand how the Fediverse works, and want me to delete the parody account @microsoft 🤣🫡
If anybody else thinks it's a phishing email btw.. it isn't.
They also don't appear to know I'm not CEO of the fediverse and can't just delete an account on another server.
Also, obviously, a parody account is fair use in the US and protected speech so they shouldn't be trying to take them offline, too. It's basically a brand reputation service for Microsoft that damages brand reputation by not understanding brand reputation.
-
Apparently Microsoft don’t understand how the Fediverse works, and want me to delete the parody account @microsoft 🤣🫡
If anybody is wondering, Tracer.ai is legit and operating at the instruction of Microsoft.
They’re an AI brand protection service which has been systematically harming Microsoft’s brand for a while. An example - getting YouTube videos about Minecraft removed, which has hindered Minecraft’s visibility online (which is a huge part of Xbox revenue). https://www.reddit.com/r/PhoenixSC/comments/1fk28zm/microsoft_has_started_using_some_kind_of_ai_that/
-
Apparently Microsoft don’t understand how the Fediverse works, and want me to delete the parody account @microsoft 🤣🫡
AI causes another embarrassing social media cycle at Microsoft in 3..2..
-
Apparently Microsoft don’t understand how the Fediverse works, and want me to delete the parody account @microsoft 🤣🫡
Oh no
-
Apparently Microsoft don’t understand how the Fediverse works, and want me to delete the parody account @microsoft 🤣🫡
-
That NodeJS supply chain hack incident is amazing because the threat actor(tm) got RCE access to like a billion devices and ran the world’s shittest Ethereum dumper.
Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style.
The thing that saved companies here was the threat actor was incompetent crypto boy, nothing more.
-
Jaguar Land Rover have contained their network and stopped production after what appears to be a ransomware incident.
Just checked in on JLR - factory production won't be resuming tomorrow (day 7).
-
Malicious javascript compromise on npmjs
For anybody confused about how this happens, basically:
- For about the past 15 years every business has been developing apps by pulling in 178 interconnected libraries written by 24 people in a shed in Skegness
- For about the past 2 years orgs have been buying AI vibe coding tools, where some exec screams "make online shop" into a computer and 389 libraries are added and an app is farted out
The output = if you want to own the world's companies, just phish one guy in Skegness
-
Malicious javascript compromise on npmjs
Developer confirms they fell for phishing email.
It looks like others have too, found one other compromised repo from a different user, will have a dig tomorrow as bored of cyber tonight.
https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y
-
Malicious javascript compromise on npmjs
Phishing email sent to maintainers, they basically targeted people with 2FA by getting them to.. reset their 2FA.
-
Malicious javascript compromise on npmjs
Weekly download stats for impacted packages prior to incident:
ansi-styles (371.41m)
debug (357.6m)
backslash (0.26m)
chalk-template (3.9m)
supports-hyperlinks (19.2m)
has-ansi (12.1m)
simple-swizzle (26.26m)
color-string (27.48m)
error-ex (47.17m)
color-name (191.71m)
is-arrayish (73.8m)
slice-ansi (59.8m)
color-convert (193.5m)
wrap-ansi (197.99m)
ansi-regex (243.64m)
supports-color (287.1m)
strip-ansi (261.17m)
chalk (299.99m)
Total 2674m
-
Malicious javascript compromise on npmjs
Additional backdoored packages:
ansi-styles
debug
chalk
supports-color
strip-ansi
ansi-regex
has-ansi
-
Malicious javascript compromise on npmjs
If you want an idea of the scale of the trojan attempt - 'color' alone had 32m downloads in a week, the combined attempt was pushing a billion due to upstream dependencies.
Hunt tip: look for registry.npmjs.org in proxy logs, package names are in the URLs.
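A defender-side hunt along the lines of the tip above, as an added example that is not from the original posts: it pulls the package name out of registry.npmjs.org URLs in proxy log lines and flags fetches of the packages named in this thread. The proxy log format and the sample lines are constructed assumptions, not real captures.

```python
from urllib.parse import urlparse

# Package names taken from the thread's download-stats and
# "additional backdoored packages" posts.
COMPROMISED = {
    "ansi-styles", "debug", "backslash", "chalk-template", "supports-hyperlinks",
    "has-ansi", "simple-swizzle", "color-string", "error-ex", "color-name",
    "is-arrayish", "slice-ansi", "color-convert", "wrap-ansi", "ansi-regex",
    "supports-color", "strip-ansi", "chalk",
}

def npm_package_from_url(url):
    """Package name from a registry.npmjs.org URL, else None.
    Handles metadata (/chalk), tarball (/chalk/-/chalk-9.9.9.tgz)
    and scoped (/@scope/name/...) paths; other hosts yield None."""
    parsed = urlparse(url)
    if parsed.hostname != "registry.npmjs.org":
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if not parts:
        return None
    if parts[0].startswith("@") and len(parts) >= 2:
        return parts[0] + "/" + parts[1]  # scoped package keeps its scope
    return parts[0]

def hunt(log_lines, watchlist=COMPROMISED):
    """Return (client, package, url) for each fetch of a watchlisted package.
    Assumed (constructed) proxy format: 'timestamp client method url status'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        client, url = fields[1], fields[3]
        pkg = npm_package_from_url(url)
        if pkg in watchlist:
            hits.append((client, pkg, url))
    return hits

# Constructed sample proxy log: clients, versions and the non-npm host are made up.
SAMPLE_LOG = """\
1757376001.123 10.1.2.3 GET https://registry.npmjs.org/chalk 200
1757376002.456 10.1.2.3 GET https://registry.npmjs.org/chalk/-/chalk-9.9.9.tgz 200
1757376003.789 10.1.2.9 GET https://registry.npmjs.org/lodash/-/lodash-9.9.9.tgz 200
1757376004.012 10.1.2.9 GET https://registry.npmjs.org/@types/node 200
1757376005.345 10.1.2.7 GET https://registry.npmjs.org/debug/-/debug-9.9.9.tgz 200
1757376006.678 10.1.2.7 GET https://example.com/chalk 200
"""
```

Matching on the package name in the path rather than on the host alone is what keeps this usable: every npm install talks to the registry, so the host by itself is noise.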