23pds (山哥) (@im23pds)

🚨 SlowMist TI Alert 🚨 MistEye has received critical threat intelligence regarding an active supply chain attack compromising node-ipc, a foundational Node.js library. The malicious releases have been identified as versions 9.1.6, 9.2.3, and 12.0.1. Threat actors injected an obfuscated credential-stealing payload into the CommonJS bundle. Once loaded, it silently harvests over 90 categories of developer data—including AWS, Azure, GCP, SSH, K8s tokens, and Terraform states—and exfiltrates it to attacker-controlled infrastructure. We have synchronized this IOC with our clients immediately. Detection & Remediation: Please urgently audit your environments for exposure: • Dependencies: Run npm ls node-ipc --all to identify direct or transitive inclusions. • Lockfiles: Search package-lock.json, yarn.lock, or pnpm-lock.yaml for the affected version ranges. • CI/CD: Review pipeline jobs executed after May 14, 2026, that may have pulled loose semver updates (~9.1.x, ^12, etc.). ⚠️ Critical Action: If a compromised version was installed, assume certain compromise. Do not wait for exfiltration confirmation. Downgrade to a known safe version immediately and aggressively rotate all credentials, tokens, and environment secrets present on the affected machine or CI runner. As always, stay vigilant!

🚨 BREAKING: node-ipc compromised. Again. Three malicious versions of node-ipc (9.1.6, 9.2.3, 12.0.1) were published today carrying an identical credential-stealing payload. This package has 10M+ weekly downloads. Here's what happened: An attacker injected an 80KB obfuscated IIFE into the CommonJS bundle. It fires on every require('node-ipc') call. No special config needed, just importing the package is enough. What it steals: → AWS, Azure, GCP credentials → SSH private keys → Kubernetes configs → Docker tokens → GitHub CLI tokens → AI tool configs (including Claude) → Terraform state → 90+ credential file patterns in total Everything gets gzipped and exfiltrated to an attacker-controlled domain (sh[.]azurestaticprovider[.]net) via DNS TXT queries and HTTPS POST, designed to look like normal traffic. The attacker published across two major version lines simultaneously (9.x and 12.x) to maximize blast radius. Semver ranges like ^9, ~9.1.x, ~9.2.x, ^12, and ~12.0 all resolve to compromised versions automatically on the next install or lockfile refresh. Key details: Only the CommonJS bundle (node-ipc.cjs) is affected. ESM imports are clean. The 9.x releases are fabricated. The 9.x line never shipped a .cjs bundle before this attack. This is a different actor from the 2022 peacenotwar incident. Purely financial, credential-theft motivation. If you installed any of these versions, assume all secrets on that machine are compromised. Rotate everything. Our full technical breakdown covers the attack chain stage by stage, IOCs, and how to check if you're affected:

NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you maybe impacted! Please update your NGINX or change the config to mitigate it. Read more at

#Fragnesia# 🚨: a new #Linux# kernel LPE in the Dirty Frag family lets unprivileged attackers gain root via ESP-in-TCP page-cache corruption. No host-level privileges required. Patch ASAP, disable esp4/esp6/rxrpc if unused, and restrict user namespaces.

0/ Clear signing is now live. An open standard to end blind signing, making human-readable transactions default. This effort brings a major UX and Security upgrade to transaction signing on Ethereum.

阿里、美团、腾讯三家在这三家AI公司上的浮盈毛估估加起来已经超过 1000 亿，投资上猛赚，但和这三家蒸发的市值来比的话简直亏大发了。 但同样是投AI，三家的画风完全不一样。美团投得最少、赚得最猛，阿里撒网最广、有部分是以算力投进去，腾讯居中。 1、先看智谱：美团45倍，碾压全场 智谱现在市值约 3500 亿 RMB（港股02513，5月初盘中一度突破 1000 港元，总市值超 4000 亿港元），智谱的 GLM5.1 登顶全球大模型 TOP3，coding 套餐天天卖爆。 美团是最早下注的。2023年3月B2轮，3 亿 RMB 直接拍进去，投后估值 32 亿，占股超过 10%。之后美团再没追加，经过后面数轮融资和IPO稀释，美团还剩 3.91%，对应市值 137 亿。3亿变137亿，净赚 134 亿，回报 45 倍。这个数字放在整个中国一级市场都是顶级水准。 腾讯来得晚一些。2024年8月B4轮才进，投了 2 亿，投后估值已经到 72 亿，占股 2.7%。稀释后剩 1.58%，值 55 亿，回报 27 倍。也不差，但跟美团一比，晚了一年多，回报直接砍了一半。 阿里的路径最绕。蚂蚁旗下上海云玡先在B3轮用 1.5 亿认购了智谱 66.7 万元注册资本，IPO后持 1.54%，值 54 亿，回报 33 倍。阿里自己不算差，蚂蚁通过上海云玡和上海飞玡合计持 3.66%，值 128 亿，成本 4.9 亿（已扣掉转让给阿里的 1.1 亿），回报 25 倍。阿里系（阿里+蚂蚁）在智谱合计持股 5.2%，浮盈约 175 亿。 2、MiniMax：阿里重仓，腾讯跟投，美团缺席 阿里在MiniMax上下了重注。通过Alisoft持股 12.52%，按当前市值算约 37 亿美金。阿里参与了B轮和基石轮，但MiniMax没详细披露阿里的出资金额，按毛估估约 6 亿美金成本，增值约 5.2 倍，赚31 亿美金 210亿人民币 腾讯占 2.37%，值约 7 亿美金，参与轮次比阿里略早，成本应该更低，按 ~1 亿美金估算，增值约 6 倍。虽然绝对金额不如阿里，但成本控制得更好，倍数反而更高。 美团没参与MiniMax投资。 3、Kimi：阿里可能是最大赢家、美团也是重注 月之暗面还没上市，最新一轮 20 亿美元融资刚刚完成，投后估值突破 200 亿美元（~1400 亿 RMB），美团龙珠领投。 阿里是Kimi早期最重要的财务投资者。2024年以 8 亿美金购入约 36% 股权，不过其中部分以阿里云算力结算，现金大约 6 亿美金。2026年2月又参与了 7 亿美金融资，具体金额未披露。按 36% 股权算，当前市值约 72 亿美金，账面回报约 9 倍。但这个倍数的前提是：阿里没有在后续融资中被大幅稀释，以及 200 亿估值站得住。两个条件都有变数。 腾讯2024年8月参与了 3 亿美金融资按照 33 亿美金估值投资，2026年2月又联合领投了 7 亿美金融资，但两轮出资金额都没披露，没法算精确浮盈。按腾讯一贯风格，大概率是跟投而非重仓。 美团这边分成两笔。王慧文个人累计投资约 7000 万美金（~4.9 亿 RMB），按当前估值算回报约 5 倍，这笔投得早，赚得还行。美团龙珠则是本轮 20 亿融资的领投方，单笔出资超 2 亿美金，刚投完估值没涨多少，暂时没有浮盈。 几个有意思的点： 1、美团回报倍数碾压。3亿进去，134亿出来，45倍。原因很简单：进得早，出得少。B2轮就进去了。 2、阿里智谱、MiniMax、Kimi三家全投了，总浮盈金额最大，且每家投入金额大，还有很大一部分是用算力来投的。 3、腾讯最均衡。智谱27倍，MiniMax 6倍，综合回报11倍，kimi 预计 6 倍。 4、Kimi可能是阿里最大的单笔回报来源——36%股权按 200 亿美金估值值 72 亿美金，如果最终IPO定价更高，这个数字还会膨胀。 这三家AI公司股价波动剧烈。智谱从上市首日 131 港元涨到 840+ 港元，MiniMax从 165 港元涨到 1200+ 港元，但回调也很猛。这些浮盈在变现之前，都是纸面富贵。 还有一点值得说：这三家大厂投AI的逻辑不是纯财务投资。阿里需要算力客户，腾讯需要生态卡位，美团需要技术壁垒，三个各自投的目的不同但都是为了不被取代。

1/ Meet Dritan Kapllani Jr, a US based threat actor tied to $19M from social engineering thefts targeting crypto holders. Dritan flexes luxury cars, watches, private jets, & clubs all over social media. Recently he was recorded on a call showing off a wallet with stolen funds.

选择永远比努力重要 这一轮如果死守币圈，又错过了 芯片、存储、CPU、光模块的，那会完美的避开了整个AI资产增值的大浪潮。 只能劝一句，回头是岸，大币种还有机会，而绝大部分山寨币会归零。别沉迷其中。踏实做好资产配置，搭上AI 5 到10年的大浪潮，人类最后一次工业革命！ 看清楚前方方向很重要，选择永远比努力重要。

🫤去年我发现某家全球Top 5的大所存在一个严重漏洞，价值在 $100,000+ 级别，为防止被黑客利用，我第一时间主动联系他们团队，快速通报并协助处理。 一句“谢谢”，然后就彻底没下文了.. 没有反馈、没有奖励、甚至没有公开致谢。 以后不客气，直接走 Bug Bounty 流程—修复、披露，公开透明。