#e-l-f — Public Fediverse posts

Care to assist an elf girl?
(Commissioner's OC, Alicia)

 #elf #blushing #nsfw #breasts #nude #vagina #blonde #commission

TanStack npm Packages Compromised in Ongoing Supply-Chain Attack

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault

A hidden domain deep in the forest where elves reside. Concealed by ancient magic, only those granted permission may ever find this place. To any other, they only ever see a lush, dark forest.

https://youtu.be/SPoybd4Yytw

#composer #fantasy #musician #music #vgm #fantasymusic #classicalmusic #originalmusic #originalcomposition #instrumental #gamedev #elven #elf #elves #dndmusic #dnd #harp #recorder #mystical #magical

In the ever-growing tourist industry, English proficiency is essential for workers. It enhances communication with international visitors.

A solid command of English can significantly improve job opportunities, allowing employees to stand out in a competitive market.

Last, English serves as a bridge for cultural exchange, enabling workers to share their local knowledge with tourists.

English is not just a language; it’s a vital tool for success in tourism.

#ingles #esl #tourism #elf

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

A sophisticated Brazilian banking trojan named TCLBANKER has been identified, representing a significant evolution of the MAVERICK/SORVEPOTEL malware family. The campaign employs a trojanized Logitech installer that deploys two .NET Reactor-protected modules through DLL side-loading. The banking trojan monitors 59 Brazilian financial institutions using UI Automation and features a WPF-based full-screen overlay framework for operator-driven social engineering attacks, including credential harvesting and fake system screens. A secondary worm module enables self-propagation through WhatsApp session hijacking and Outlook COM automation, sending phishing messages from victims' own accounts. The malware implements robust anti-analysis capabilities including environment-gated payload decryption, comprehensive watchdog systems, and ETW patching. Infrastructure is hosted on Cloudflare Workers, with evidence suggesting the campaign was detected in early operational stages.

Pulse ID: 69fb97e531a95b262c4925aa
Pulse Link: https://otx.alienvault.com/pulse/69fb97e531a95b262c4925aa
Pulse Author: AlienVault
Created: 2026-05-06 19:35:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #Cloud #CredentialHarvesting #CyberSecurity #ELF #InfoSec #Malware #NET #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SocialEngineering #Trojan #WatchDog #WhatsApp #Worm #bot #AlienVault

Boop, happy Wednesday.
.
#mastodon #elf #makeup #goth #alt

Lusty Treasure

GET ALL 24 VERSIONS HERE
https://www.patreon.com/posts/157460732
Includes Nudity, Milk, Pregnant Lusty, Body Writing, and some Dragons come to play <3

#Lusty #GoldenWeek #GoldenBikini #GoldBikini #BigTits #Redhead #Elf #Fantasy #NSFW #Art #Artist

Stretch it out.
.
#mastodon #cosplay #elf #goth

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

A fifth wave of the PhantomRaven NPM supply chain attack campaign has been discovered, utilizing 33 new malicious packages and fresh command-and-control infrastructure registered on March 10, 2026. The operation employs a sophisticated three-stage payload delivery mechanism using Remote Dynamic Dependency techniques to bypass static analysis. Malicious packages self-reference dependencies pointing to attacker-controlled servers at pack[.]nppacks[.]com, which deliver droppers that harvest developer credentials, system information, CI/CD tokens, GitHub repository names, and email addresses from Git configurations, NPM settings, and environment variables. The campaign specifically targets DeFi cryptocurrency developers, cloud infrastructure engineers working with Azure CDK, and AI application developers. All collected data is exfiltrated via POST requests to mozbra.php on the C2 server. Infrastructure analysis reveals connections to a legitimate Pakistani IT services company domain, suggesting potential accou...

Pulse ID: 69f8acdd6038448e350edbb9
Pulse Link: https://otx.alienvault.com/pulse/69f8acdd6038448e350edbb9
Pulse Author: AlienVault
Created: 2026-05-04 14:27:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Azure #Cloud #CyberSecurity #ELF #Email #GitHub #InfoSec #NPM #OTX #OpenThreatExchange #PHP #Pakistan #RAT #SupplyChain #Troll #bot #cryptocurrency #developers #AlienVault

Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft

Trigona ransomware affiliates deployed a custom exfiltration tool called uploader_client.exe during attacks in March 2026, marking a tactical shift from relying on off-the-shelf utilities like Rclone. The tool features parallel streams with five default connections, connection rotation after 2,048 MB transfers to evade network monitoring, and granular filtering to exclude low-value files. Prior to exfiltration, attackers disabled security defenses using kernel-level tools including HRSword, PCHunter, Gmer, YDark, and WKTools with vulnerable drivers. Remote access was established via AnyDesk, while credentials were harvested using Mimikatz and Nirsoft utilities. The custom tooling demonstrates higher technical maturity compared to typical ransomware operations, providing enhanced stealth capabilities while requiring greater development resources. Targeted data included invoices and high-value PDF documents from networked drives.

Pulse ID: 69f4e8812c7240e62187fe72
Pulse Link: https://otx.alienvault.com/pulse/69f4e8812c7240e62187fe72
Pulse Author: AlienVault
Created: 2026-05-01 17:53:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AnyDesk #CyberSecurity #DataTheft #ELF #InfoSec #OTX #OpenThreatExchange #PDF #RAT #RCE #RansomWare #Rclone #Trigona #Word #bot #AlienVault

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor

The Harvester APT group has developed a new Linux version of its GoGra backdoor that uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel. The malware employs social engineering lures with tailored decoy documents, masquerading malicious ELF files as standard documents. Initial VirusTotal submissions originated from India and Afghanistan, indicating these regions as primary targets. The backdoor uses hardcoded Azure AD credentials to poll a specific mailbox folder at two-second intervals, executing commands received via encrypted emails and exfiltrating results through reply messages. Analysis confirms this Linux variant shares nearly identical code with a previously known Windows version, including matching spelling errors, demonstrating Harvester's multi-platform development strategy and continued focus on South Asian espionage operations.

Pulse ID: 69f4e882199e1fa40cbece45
Pulse Link: https://otx.alienvault.com/pulse/69f4e882199e1fa40cbece45
Pulse Author: AlienVault
Created: 2026-05-01 17:53:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Afghanistan #Asia #Azure #BackDoor #CyberSecurity #ELF #Email #Espionage #India #InfoSec #Linux #Malware #Microsoft #OTX #OpenThreatExchange #Outlook #RAT #Rust #SocialEngineering #SouthAsia #VirusTotal #Windows #bot #AlienVault

[Out of Place]

A small drawing project that went in an odd direction. Another 'modern elf', this one seems to have gotten herself a little lost.

As I've mentioned before, I'm often lazy about backgrounds. This time I decided to capitalise on that laziness by going in a more stylised, slightly 'pop art' direction.

I don't know. Is this a good approach, or should I just learn to draw backgrounds properly?

#MastoArt #FediArt #ArtistsOnMastodon #Fantasy #Illustration #Elf

Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages

Multiple npm packages in the SAP JavaScript and cloud application development ecosystem were compromised in a suspected supply chain attack. Affected packages include [email protected], @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected]. The compromised versions introduced malicious preinstall scripts that download and execute Bun binaries from GitHub, then run heavily obfuscated payloads designed to harvest credentials from developer machines and CI/CD environments. The payloads steal SSH keys, cloud credentials, npm tokens, GitHub access, cryptocurrency wallets, and CI/CD secrets directly from runner memory. Stolen data is encrypted and exfiltrated via GitHub repositories created under victim accounts. The malware also attempts self-propagation by injecting itself into additional packages using stolen npm tokens and establishes persistence through VSCode and Claude IDE configurations.

Pulse ID: 69f29e7de2c7e622090df108
Pulse Link: https://otx.alienvault.com/pulse/69f29e7de2c7e622090df108
Pulse Author: AlienVault
Created: 2026-04-30 00:12:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #ELF #GitHub #InfoSec #Java #JavaScript #Mac #Malware #NPM #OTX #OpenThreatExchange #RAT #SQL #SSH #SupplyChain #bot #cryptocurrency #AlienVault

Forest aesthetics > Moving stress. 🌲❤️

Found some Scarlet Elf Cups while taking a break from the studio hunt. ✨🍄

Look at that red!✨

#foraging #spring #indieartist #vibe #naturephotography #elf #ukraine #fungi #mycology

Small beginnings.

Yesterday was a bit of an unexpected disaster for me, but we're back to drawing <3

#art #artist #sketch #WIP #elf #Lusty

The npm Threat Landscape: Attack Surface and Mitigations

The npm ecosystem experienced a critical shift in September 2025 with the Shai-Hulud worm, marking the transition from isolated attacks to systematic supply chain compromises. In April 2026, TeamPCP launched a coordinated campaign through a malicious @bitwarden/cli package targeting multiple distribution channels including Docker Hub, GitHub Actions, and VS Code extensions. The multi-stage payload employs advanced obfuscation, harvests credentials from cloud providers and developer workstations, exfiltrates data through encrypted HTTPS and GitHub repositories, and self-propagates by backdooring npm packages using stolen tokens. The malware implements GitHub's search API as a resilient command-and-control fallback mechanism and features anti-detection measures including Russian locale killswitches. This represents an evolution toward wormable propagation, infrastructure-level persistence, and dormant payloads that activate under specific conditions.

Pulse ID: 69ec0475e74facdf3bf89ce1
Pulse Link: https://otx.alienvault.com/pulse/69ec0475e74facdf3bf89ce1
Pulse Author: AlienVault
Created: 2026-04-25 00:01:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CyberSecurity #Docker #ELF #GitHub #HTTP #HTTPS #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Russia #SupplyChain #Worm #bot #AlienVault

RTF Exploit Installs RAT: uWarrior

An unknown Italian-origin threat actor has developed uWarrior, a Remote Access Tool delivered through weaponized RTF documents containing multiple exploits. The attack chain leverages CVE-2012-1856 with a novel ROP chain and CVE-2015-1770 to bypass ASLR protections by loading non-DYNAMICBASE compiled DLLs through OLE objects. The fully-featured RAT uses compressed, optionally encrypted TCP communications with binary message protocols for command and control. Analysis reveals the actor borrowed components from off-the-shelf tools, particularly the ctOS RAT, sharing similar configuration structures and code functions. uWarrior provides extensive capabilities including remote command execution, file manipulation, system control, software enumeration and uninstallation, and data exfiltration. The malware establishes persistence and communicates with C2 servers using AES encryption.

Pulse ID: 69eb45ce7c704d3df21996a2
Pulse Link: https://otx.alienvault.com/pulse/69eb45ce7c704d3df21996a2
Pulse Author: AlienVault
Created: 2026-04-24 10:28:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #Encryption #InfoSec #Italian #Malware #OTX #OpenThreatExchange #RAT #RTF #RemoteCommandExecution #TCP #bot #AlienVault

Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft

Trigona ransomware affiliates have adopted a custom-developed exfiltration tool called uploader_client.exe in attacks observed during March 2026, marking a significant tactical evolution. This command-line utility features parallel data streams, connection rotation to evade network monitoring, and granular file filtering capabilities. The shift from commonly used off-the-shelf tools like Rclone to proprietary malware suggests attackers are attempting to maintain a lower profile during critical attack phases. Prior to data exfiltration, attackers deploy multiple security-disabling tools including HRSword, PCHunter, and various BYOVD utilities to terminate endpoint protection at the kernel level. Remote access is established through AnyDesk, while credential theft is conducted using Mimikatz and Nirsoft utilities. This custom tooling approach demonstrates a higher degree of technical maturity compared to typical ransomware affiliate operations.

Pulse ID: 69ea2ebf9d87464f7c54c08e
Pulse Link: https://otx.alienvault.com/pulse/69ea2ebf9d87464f7c54c08e
Pulse Author: AlienVault
Created: 2026-04-23 14:37:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AnyDesk #CyberSecurity #DataTheft #ELF #Endpoint #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RansomWare #Rclone #Trigona #Word #bot #AlienVault

fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet

Researchers uncovered fast16, a cyber sabotage framework from 2005 that predates Stuxnet by five years. The toolset includes fast16.sys, a kernel driver that selectively targets high-precision calculation software by patching code in memory to corrupt computational results. Combined with self-propagation mechanisms via a Lua-powered carrier module (svcmgmt.exe), the framework spreads across facilities to produce consistent inaccurate calculations. This operation represents the first documented instance of strategic cyber sabotage targeting ultra-expensive computing workloads in advanced physics, cryptographic, and nuclear research. The framework uses an embedded Lua virtual machine predating Flame by three years and appears in the ShadowBrokers leak of NSA Territorial Dispute components with the evasion signature: 'fast16 *** Nothing to see here – carry on ***'.

Pulse ID: 69eafa1063a05bb892acea52
Pulse Link: https://otx.alienvault.com/pulse/69eafa1063a05bb892acea52
Pulse Author: AlienVault
Created: 2026-04-24 05:05:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #ICS #InfoSec #LUA #Mac #NSA #OTX #OpenThreatExchange #RAT #SMS #bot #AlienVault

npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Malicious npm packages associated with Namastex.ai were compromised with malware exhibiting tradecraft similar to TeamPCP's CanisterWorm campaign. The attack targeted packages including @automagik/genie and pgserve, implementing install-time execution that harvests credentials, environment variables, SSH keys, cloud credentials, browser data, and crypto-wallet artifacts. The payload exfiltrates stolen data to both a conventional webhook at telemetry.api-monitor.com and an Internet Computer Protocol canister endpoint. It incorporates self-propagation logic to compromise additional npm packages using stolen publishing tokens and includes cross-ecosystem spreading capabilities targeting PyPI. The malware uses hybrid encryption with RSA and AES-256-CBC for data exfiltration. Multiple package namespaces were affected, suggesting shared infrastructure or coordinated compromise across publisher accounts.

Pulse ID: 69e8f5ba273a5389cb4d03f5
Pulse Link: https://otx.alienvault.com/pulse/69e8f5ba273a5389cb4d03f5
Pulse Author: AlienVault
Created: 2026-04-22 16:22:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #ELF #Encryption #Endpoint #InfoSec #Malware #NPM #OTX #OpenThreatExchange #PyPI #RAT #SSH #Worm #bot #AlienVault

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Void Dokkaebi, also known as Famous Chollima, has evolved its operations into a self-propagating supply chain threat targeting software developers. The North Korea-aligned group uses fabricated job interviews to lure developers into cloning malicious repositories. Once compromised, the victim's machine becomes an infection vector through two mechanisms: malicious VS Code task configurations that execute automatically when workspaces are opened, and active injection of obfuscated JavaScript into source code files with Git history tampering to conceal modifications. This creates a worm-like propagation chain where each compromised developer seeds new repositories with infection vectors. Analysis in March 2026 identified over 750 infected repositories, with contamination reaching organizations including DataStax and Neutralinojs. The campaign delivers payloads via blockchain infrastructure including Tron, Aptos, and Binance Smart Chain, deploying variants of DEV#POPPER RAT and other tools to steal cryptocurre...

Pulse ID: 69e7690744c08ddc410e543f
Pulse Link: https://otx.alienvault.com/pulse/69e7690744c08ddc410e543f
Pulse Author: AlienVault
Created: 2026-04-21 12:09:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Binance #BlockChain #CyberSecurity #ELF #InfoSec #Java #JavaScript #Korea #Mac #Malware #NorthKorea #OTX #OpenThreatExchange #RAT #RCE #SMS #SupplyChain #Worm #bot #developers #AlienVault

@politipet

+ #ÉricTrappier Psdt holding #Dassault = Etat + #LeFigaro
https://dassault.fr/

+ fédération de la métallurgie dont le sigle est déjà prêt
https://www.rnm-metallurgie.fr/

+ mouvement Ethic présidé par Sophie #deMenthon ex-bras droit du corrompu Loïk Le Floch-Prigent #Elf
https://www.ethic.fr/

+ Rodolphe #Saadé #CMACGM
https://www.cmacgm-group.com/fr/

Et ils ont mangé quoi en 1932 ?
https://mastodon.social/@cobrate/114201852839799385

#fascisme #politique #corruption #Medef #PatrickMartin #presse #year1938 #year1932