Hacker News

Hacker Newshttps://news.ycombinator.com/Links for the intellectually curious, ranked by readers.How Mark Klein told the EFF about Room 641A [book excerpt]https://thereader.mitpress.mit.edu/the-whistleblower-who-uncovered-the-nsas-big-brother-machine/Thu, 30 Apr 2026 16:41:00 +0000https://news.ycombinator.com/item?id=47965060<a href="https://news.ycombinator.com/item?id=47965060">Comments</a><div id="post-19866" class="single-mid-cont post-font article-entry" morss_own_score="5.128461189287336" morss_score="10.951260185163257"><article morss_own_score="6.82741617357002" morss_score="151.36342023036514"><h1>The Whistleblower Who Uncovered the NSA’s ‘Big Brother Machine’</h1><div>An unexpected visitor gave my team the evidence we needed to prove that the government was secretly wiretapping Americans.</div><figure><img src="https://thereader.mitpress.mit.edu/wp-content/uploads/2026/04/641-cover-copy-700x420.jpg"><figcaption>Room 641A, which housed the “Big Brother machine,” inside AT&T’s Folsom Street building in San Francisco, California. Source: <a href="https://www.eff.org/deeplinks/2025/03/memoriam-mark-klein-att-whistleblower-about-nsa-mass-spying">Mark Klein / The Electronic Frontier Foundation</a>.</figcaption></figure> <div><a href="https://www.beelinereader.com">BeeLine Reader</a> uses subtle color gradients to help you read more efficiently.</div> <span>Listen to this article</span> <span>0:00</span> <p>On January 20, 2006, the front doorbell rang at the Electronic Frontier Foundation’s offices on Shotwell Street in the Mission District of San Francisco. At the time, Shotwell Street wasn’t the glamorous part of the Mission. Our offices sat between two auto repair shops, across the street from a utility substation. The sidewalk was often dotted with homeless people’s tents. At one point, San Francisco did a survey, and our block of Shotwell Street had the highest reported amount of human feces in the whole city.</p><figure><a href="https://mitpress.mit.edu/9780262051248/privacys-defender/"><img src="https://thereader.mitpress.mit.edu/wp-content/uploads/2026/04/Privacys-Defender-jkt.jpg"></a><figcaption>Cindy Cohn is the author of “<a href="https://mitpress.mit.edu/9780262051248/privacys-defender/">Privacy’s Defender</a>,” from which this article is adapted.</figcaption></figure><p>We had many people down on their luck ring that doorbell. Some were just lost. Others sought us out because they believed, quite sincerely, that the government or aliens had put a chip or magnet in their brains. We tried to be sympathetic and point them to other resources, but generally we had to turn them away.</p><p>Because of this, it was with friendliness but some caution that our executive director, Shari Steele, answered the bell.</p><p>“Do you folks care about privacy?” the guy asked. He was in a tan trench coat, looked to be in his early 60s, with gray hair, intense eyes, and a raspy voice.</p><p>“Why yes, we do,” Shari answered.</p><p>“Then I have some information for you. I am a retired AT&T technician. I know how the NSA is tapping into the internet at an AT&T facility downtown.”</p><p>“Well, come on in.”</p><p>Shari found EFF attorney Kevin Bankston in his tiny office. They talked for a long time. After the man left, Kevin and Lee Tien, another EFF attorney, burst into my office.</p><p>“This guy named Mark Klein, who just came to the door, has something,” Kevin said, with more excitement than I had seen from him in a long time. I was immediately intrigued, but what they told me blew past my highest expectations. Mark had presented us with unequivocal evidence that the National Security Agency was engaged in mass, untargeted spying in the U.S. by tapping into the internet backbone. And it was doing this from an AT&T building just a short distance from our offices.</p><hr><p>The backstory to Mark knocking on EFF’s door starts in 2001 with the government’s response to the horrific 9/11 attacks. The first of these was the Patriot Act.</p><p>In the seven weeks between its introduction and passage in 2001, Lee and I stayed up countless nights trying to parse the three-inch-thick printout of the proposed legislation to identify the sections that affected the internet. We needed to understand what laws the government wanted to change, spot overreach and unconstitutionality, and marshal appropriate support or resistance where necessary.</p><p>The draft legislation had been rolled out so quickly that we had the impression it was just sitting in an envelope on someone’s desk, with a note that read, “Open at the next crisis.” Our theory was confirmed when we saw that a good chunk of the proposed law was nearly the same package of legal changes that the FBI had tried — and failed — to push after the Oklahoma City bombing in 1995.</p><p>One big change impacting surveillance was clear: Prior to September 11, the U.S. had what could reasonably be called a “wall” separating foreign surveillance for national security purposes done by the NSA from domestic surveillance for law enforcement purposes done by the FBI. The theory was that those powers would never be turned on in the U.S. and used against its own people. The Patriot Act, however, helped erode that wall.</p><figure><blockquote><p>“Do you folks care about privacy?”</p></blockquote></figure><p>Soon, folks at EFF started to hear whispers of mass domestic surveillance programs. We were told confidentially that the NSA was gathering all the telephone records from America’s leading telecommunications companies. We separately heard that the NSA was now sitting on the wire in the U.S. We even heard that the agency was collecting metadata on our online activities from both telecommunications companies and some internet companies. Friends in the industry would say things like, “You wouldn’t believe what the NSA is doing in the United States now,” and “I can’t tell you anything without getting in trouble, but it’s massive.”</p><p>All sounded wildly illegal under the Foreign Intelligence Surveillance Act (FISA) and the Patriot Act. Several people reached out to us, and each time we sat down with them to see if we had enough provable facts to bring a case. But no one who reached out to talk to us was willing to go on the record, much less provide documentary evidence we could use in court.</p><hr><p>The information Mark gave us made the whispers we had heard over the years from our friends at telecommunication companies make more sense. By his account, mass spying involved the internet’s deepest layer, known as the “backbone.” A set of large providers — big companies, academic institutions, and governments — operate a series of powerful computers that provide the backbone’s main data routes.</p><p>AT&T operated part of the internet backbone from the Folsom Street facility. One component of Mark’s job was to maintain the section of the AT&T system that routed traffic from AT&T’s internal networks to the internet backbone via a set of connections called “peering links.” What Mark was telling us, and what his documents were showing, was that the NSA was now tapping in at these junctures.</p><p>Mark had been a technician at AT&T for many years. In mid-2003, he was transferred to the Folsom Street building and charged with maintaining the room where AT&T’s own fiber-optic network connected to the rest of the internet.</p><p>Mark told us that the fiber-optic cables carrying traffic to and from AT&T’s portion of the backbone converged on the seventh floor of the Folsom Street building. This was reasonable. But he showed us that those cables also connected down to the sixth floor of the building. The sixth floor was where the weirdness happened. Sometime in 2002, a “secret room” (designated 641A) had been built on that level of the building, accessible only to workers with NSA clearances. Mark didn’t have clearance himself, but he knew and worked with the person who did and had access to that room.</p><p>Next to the secret room was a “splitter cabinet.” On one side, the internet-connecting fiber-optic cables that came down from the seventh floor fed into it. On the other side, two sets of fiber-optic cables came out. One set snaked back up to the seventh floor to carry traffic onto the wider internet. But a second set of cables went into the secret room.</p><figure><img src="https://thereader.mitpress.mit.edu/wp-content/uploads/2026/04/Mark_Klein_ATT_3x4_cropped.jpg"><figcaption>Mark Klein. Source: <a href="https://commons.wikimedia.org/wiki/File:Mark_Klein_AT%26T_(3x4_cropped).jpg">Quinn Norton / The Electronic Frontier Foundation</a>.</figcaption></figure><p>Outside the room, the splitter cabinet and newly installed wiring meant that when the communications came down from the seventh floor, they were “split” there. One copy of the communication went into the secret room, while the other went to the intended recipient. In this way, the NSA could be sitting “on the wire” inside the U.S., the fiber-optic cables that carry everyone’s communications, since it could make and capture a copy of all the traffic passing through the juncture. The NSA could then review the traffic separately, without slowing it down or leaving any trace of what it was actually doing on the public network. Mark called it the “Big Brother machine.”</p><p morss_own_score="7.0" morss_score="9.0">I tried hard to keep my jaw from dropping as Mark explained both the banality of the technical infrastructure — so clear that I could easily understand how it worked — and the audacity of what the NSA and AT&T had built together to undermine the privacy of likely hundreds of millions of innocent people, including millions of AT&T’s own customers. His revelation was not entirely unexpected; what <em>was</em> unexpected was someone knocking on our front door and handing us the actual schematics.</p><p>We talked with several telecommunications experts, and they confirmed that this setup was a reasonable method for the NSA to “sit on the wire” in a way that would allow it to operate surreptitiously while remaining effective. One expert we talked to, who had been involved in the development of several critical internet technologies, including email, web, and document representation and transmission, said, “This isn’t a wiretap, it’s a country tap.”</p><p>We had our evidence. This was that crucial confirmation, in a form admissible in court, that we had been hoping for. We knew, and could now prove, that AT&T had facilitated illegal domestic surveillance of internet communications. As part of the legal strategy we had been crafting, this evidence would help us bring a lawsuit against mass surveillance.</p><p>It was nearing the end of January. With Mark Klein’s direct evidence about AT&T in hand, the next thing to do was to get him his own lawyers. We needed him as a star witness, so we couldn’t have him be our client. The risk of conflicts of interest between Mark and AT&T customers wasn’t great, but it was real, especially if Mark faced prosecution or a civil claim from AT&T. We all knew — as did Mark — that he had serious legal risk. We made some calls and were overjoyed when an all-star team readily signed on.</p><hr><p>On March 31, we filed our motion for a preliminary injunction, including Mark’s declaration and the AT&T documents he had provided. As a courtesy, I also called the Department of Justice and left a message informing them of Mark’s declaration and the evidence.</p><p>The person who returned my call was DOJ attorney Tony Coppolino. Tony and I had actually become friendly over the years. He was a nice guy and a smart and fair-minded opponent. I’ll never forget the first voicemail I got from him after we filed Mark’s evidence.</p><p>“Hi Cindy, it’s Tony Coppolino calling about your <em>Hepting</em> case. I’m baaaack. Call me.”</p><p>I did, on a Friday afternoon. “Hi Tony, are you handling this case? This will be fun.”</p><p>“Yes, it looks like it. But this is serious; we need to see the documents you filed right away to see if they are classified. If so, it is illegal for you to even have them.”</p><p>“I don’t think they are classified, Tony. They aren’t marked as ‘classified’ or anything like that. I’m happy to show them to you. Can’t you get them directly from the court?”</p><figure><blockquote><p>“This isn’t a wiretap, it’s a country tap.”</p></blockquote></figure><p>“With all due respect, Cindy, you don’t know if they are classified since they don’t have to have markings and can still be classified. Only we can tell. We also can’t get them from the court if they are classified. Can you have someone bring another copy down to the SCIF [sensitive compartmentalized information facility] in the federal building so that they can be sent to us in DC?”</p><p>“Sure. We’ll do that right away. How will you get them?”</p><p>“Well, there is a very slow but very secure fax machine in the San Francisco SCIF that will get them to us in DC, page by page.”</p><p>“Well, OK, but I could FedEx them, or fax or even email them . . .”</p><p>“No. None of those ways are secure enough. This is the only way. And if they are classified, you are likely in trouble.”</p><p>After I got off the phone, we quickly arranged for another set of the documents to be delivered to the federal building. After we sent off the documents, we all started to get a little nervous. We looked up, again, the potential prison sentence for illegal possession of classified information. We reminded ourselves that we didn’t think the documents were classified, and even if they were, they revealed a flatly illegal and unconstitutional program. The classification system is not supposed to be used to hide illegal government actions. After all, we were only showing them to a federal court, under seal, to try to get the law applied to have the program stopped. That couldn’t get us in trouble, right?</p><p>The truth was, we were all a little worried.</p><hr><p morss_own_score="6.38235294117647" morss_score="9.573529411764705"><em morss_own_score="6.38235294117647" morss_score="8.382352941176471"><strong>Cindy Cohn</strong> is Executive Director of the Electronic Frontier Foundation. From 2000 to 2015, she served as EFF’s Legal Director and General Counsel. Today, she leads a team of more than 120 lawyers, activists, and technologists dedicated to ensuring that technology supports speech, privacy, and innovation for all people around the world. Cindy is the author of “<a href="https://mitpress.mit.edu/9780262051248/privacys-defender/">Privacy’s Defender</a>,” from which this article is adapted.</em></p></article><div><strong>The MIT Press</strong> is a mission-driven, not-for-profit scholarly publisher. Your support helps make it possible for us to create open publishing models and produce books of superior design quality.</div><a href="https://giving.mit.edu/form?fundId=3876985" title="">Donate</a></div>New copy of earliest poem in English, written 1,3k years ago, discovered in Romehttps://www.tcd.ie/news_events/articles/2026/caedmons-hymn-discovery/Wed, 29 Apr 2026 11:35:40 +0000https://news.ycombinator.com/item?id=47946899<a href="https://news.ycombinator.com/item?id=47946899">Comments</a><div class="container" morss_own_score="2.6629746835443036" morss_score="90.95732528473593"><h1>New copy of earliest poem in English language discovered by Trinity researchers in Rome</h1> <p><small>Posted on: 30 April 2026</small></p> <p><strong><em>Old fashioned sleuthing and the help of modern technology leads to discovery of manuscript with poem composed by a farm labourer 1,300 years ago</em></strong></p> <p>An early 9<sup>th</sup> century manuscript containing a text of the first known poem in the English language has been discovered in Rome by researchers from Trinity College Dublin.</p> <p>The newly-discovered <a href="https://manus.iccu.sbn.it/cnmd/0000068990">manuscript</a> in the <strong>National Central Library of Rome</strong> of Caedmon’s <em>Hymn </em>dates from between the years 800 and 830, making it the third oldest surviving text of the poem.</p> <p><img src="https://pxl-tcdie.terminalfour.net/prod01/channel_3/media/tcd/news-images/Elisabetta-Magnanti-and-Mark-Faulkner-with-the-Trinity-copy-of-Bedes-Ecclesiastical-History.-To-be-clear-this-is-not-the-manuscript-they-found-in-Rome----830X623.JPG"></p> <p><em>Dr Elisabetta Magnanti and Dr Mark Faulkner with the Trinity copy of Bede's Ecclesiastical History in the Library of Trinity College Dublin. </em></p> <p>The discovery is highly significant because the Latin manuscript contains the poem in Old English in the main body of the text. The two older copies in <a href="https://caedmon.seenet.org/htm/transcription/m/facsimile.html">Cambridge</a> and <a href="https://caedmon.seenet.org/htm/transcription/l/facsimile.html">St Petersburg</a> have the poem in Latin, with the Old English text only added in the margin or at end.</p> <p>The inclusion of the poem in Old English in the Rome manuscript indicates how Old English poetry was valued by Bede’s readers, according to researchers from <strong>Trinity’s School of English</strong>.</p> <p>Written over 1,300 years ago <a href="https://imagejournal.org/article/caedmons-hymn-the-first-english-poet">Caedmon’s <em>Hymn</em></a> is a nine-line poem praising God for the creation of the world. It is said to have been composed by a cowherd from Whitby, North Yorkshire, after a divine visitation.</p> <p>The poem was composed in Old English – the form of English used in the early Middle Ages. It survives today thanks to its inclusion in some copies of the <em>Ecclesiastical History of the English People</em>, an 8<sup>th</sup> century history of England written in Latin by <a href="https://www.durhamworldheritagesite.com/learn/history/bede">the Venerable Bede</a>, a northern English monk.</p> <p>The manuscript was discovered by <strong>Dr Elisabetta Magnanti and Dr Mark Faulkner, School of English</strong>, both experts in medieval manuscripts. <span>Details of their discovery have been </span><a href="https://www.cambridge.org/core/journals/early-medieval-england-and-its-n/article/new-earlyninthcentury-manuscript-of-caedmons-hymn-rome-biblioteca-nazionale-centrale-vitt-em-1452-122v/2496FC9C9E4876935BB4190048C7C8A9?utm_campaign=shareaholic&utm_medium=copy_link&utm_source=bookmark">published</a><span> by Cambridge University Press in the open-access journal </span><a href="https://www.cambridge.org/core/journals/early-medieval-england-and-its-n"><em>Early Medieval England and its Neighbours</em></a><em>.</em></p> <p>Dr Elisabetta Magnanti explained: “I came across conflicting references to Bede's <em>History</em> in Rome, some pointing to its existence and some indicating it was lost. When its existence was confirmed by the library and the manuscript was digitised for us, we were extremely excited to find that the manuscript contained the Old English version of Caedmon’s <em>Hymn</em> and that it was embedded in the Latin text.</p> <p>“The magic of digitisation has allowed two researchers in Ireland to recognise the significance of a manuscript now in Rome, containing a poem miraculously composed in Northern England by a shy cowherd a millennium and a half ago. This discovery is a testament to the power of libraries to facilitate new research by digitising their collections and making them freely available online.”</p> <p><strong>Why is this important?</strong></p> <p>Dr Mark Faulkner said: “About three million words of Old English survive in total, but the vast majority of texts come from the tenth and eleventh centuries. Caedmon’s <em>Hymn</em> is almost unique as a survival from the seventh century – it connects us to the earliest stages of written English. As the oldest known poem in Old English it is today</p> <p>“Unearthing a new early medieval copy of the poem has significant implications for our understanding of Old English and how it was valued. Bede chose not include the original Old English poem in his <em>History</em>, but to translate it into Latin. This manuscript shows that the original Old English poem was reinserted into the Latin within 100 years of Bede finishing his <em>History</em>. It is a sign of how much early readers valued English poetry.”</p> <p><strong><img src="https://pxl-tcdie.terminalfour.net/prod01/channel_3/media/tcd/news-images/BNCR_V_E_1452_00250-400X580.jpg">Torrid history and complex ownership </strong></p> <p>The newly-discovered manuscript of Bede’s <em>History</em> is one of at least 160 surviving copies. This manuscript was produced at the Abbey of Nonantola in Northern Central Italy between 800 and 830 and is now in the National Central Library in Rome. Its rediscovery sheds new light on the cultural connections between England and Italy in this period.</p> <p>According to the researchers it has endured a torrid history – stolen from the church of San Bernardo alle Terme in Rome, where with other manuscripts it had been sent for safekeeping amid the Napoleonic Wars in the 1810s. Then it changed hands privately a number of times before being acquired by the National Central Library of Rome.</p> <p>Its complex ownership history meant that the manuscript had been regarded as lost by Bede scholars since 1975 and no one realised it contained a copy of Caedmon’s <em>Hymn</em> until the National Central Library of Rome digitised the manuscript.</p> <p><strong>Valentina Longo, Curator of Mediaeval and Modern Manuscripts at the National Central Library of Rome</strong>, said: “Today, the National Central Library of Rome holds the largest collection of early medieval codices from the benedictine abbey of Nonantola. This collection comprises 45 manuscripts dating from the sixth to the twelfth century, divided between the original Sessoriana collection and the Vittorio Emanuele collection, where the manuscripts recovered following their dispersal due to the 19th-century theft have been housed. The whole Nonantolan collection has been fully digitised and is accessible through the library’s website.”</p> <p><strong>Andrea Cappa, Head of Manuscripts and Rare Books Reading Room, </strong><strong>National Central Library of Rome,</strong>added: "The Central National Library of Rome continually expands its digital collections, providing free access to its resources. The library has already made available <a href="http://digitale.bnc.roma.sbn.it/tecadigitale/manoscrittiantichi">digital copies of around 500 manuscripts</a>, and is also completing a major project to <a href="https://www.bncrm.beniculturali.it/it/790/eventi/7088/">digitise the holdings of the National Centre for the Study of the Manuscript</a>, which includes microfilm reproductions of approximately 110,000 manuscripts from 180 Italian libraries. This initiative will give scholars and researchers access to more than 40 million images."</p> <p><strong>Composed following a divine visitation</strong></p> <p>The <em>Hymn </em>is said to have been composed by Caedmon, an agricultural labourer working at <a href="https://www.english-heritage.org.uk/visit/places/whitby-abbey/">Whitby Abbey</a> in North Yorkshire, who was at a feast when guests began to recite poems. Embarrassed that he didn’t know anything suitable, Caedmon left the feast and went to bed. A figure then appeared to him in his dreams, telling him to sing about Creation, which Caedmon miraculously did, producing his <a href="https://imagejournal.org/article/caedmons-hymn-the-first-english-poet"><em>Hymn</em></a>, nine lines of intricately-woven poetry praising God for creating the world. <a href="https://www.poetryfoundation.org/poems/159193/caedmon39s-hymn">Read the poem here in English</a> and <a href="https://www.poetryfoundation.org/poems/47296/caedmons-hymn-56d227a3b602f">here in Old English</a>.</p> <p><strong>Continued research</strong></p> <p>“Interest in the Abbey of Nonantola has once again been stirred by this ancient copy of Caedmon’s <em>Hymn</em> and the history of the manuscript in which it is preserved,” said<strong> Canon Dr. Riccardo Fangarezzi,</strong> <strong>Head of the Abbey Archive in Nonantola, Italy</strong>, where the manuscript was produced.</p> <p>“This newly identified gem of British cultural heritage now joins the small Anglo-Nonantolan cultural treasury constituted by manuscripts listed in early catalogues and reconstructed in more recent scholarship, from the source of the Old English poem<em> Soul and Body,</em> preserved in the Nonantolan manuscript Sess. 52, to the diplomatic missions of our abbot Niccolò Pucciarelli to King Richard II, to mention only the most well-known examples.</p> <p>“We look forward to further results arising from the dissemination of these valuable studies and from continued research. The present times may be rather dark, yet such intellectual contributions are genuine rays of sunlight: the Continent is less isolated.”</p> <p>** <strong>Photo Credit: Rome, National Central Library, MS. Vitt. Em. 1452, f. 122v.</strong></p> <ul> <li>Tags:</li> <li><a href="https://www.tcd.ie/news_events/tags/culture">Culture</a></li><li><a href="https://www.tcd.ie/news_events/tags/research">Research</a></li> </ul> </div> For Linux kernel vulnerabilities, there is no heads-up to distributionshttps://www.openwall.com/lists/oss-security/2026/04/30/10Thu, 30 Apr 2026 16:43:47 +0000https://news.ycombinator.com/item?id=47965108<a href="https://news.ycombinator.com/item?id=47965108">Comments</a><body bgcolor="#E0E0E0" text="black" link="blue" alink="red" vlink="navy" morss_own_score="0.7120253164556963" morss_score="5.39535864978903"> <table> <tr> <td> <a href="https://www.openwall.com/"><img src="https://www.openwall.com/logo.png"></a> </td></tr></table> <a href="https://www.openwall.com/lists/oss-security/2026/04/30/9">[<prev]</a> <a href="https://www.openwall.com/lists/oss-security/2026/04/30/11">[next>]</a> <a href="https://www.openwall.com/lists/oss-security/2026/04/30/6">[<thread-prev]</a> <a href="https://www.openwall.com/lists/oss-security/2026/04/30/11">[thread-next>]</a> <a href="https://www.openwall.com/lists/oss-security/2026/04/30/">[day]</a> <a href="https://www.openwall.com/lists/oss-security/2026/04/">[month]</a> <a href="https://www.openwall.com/lists/oss-security/2026/">[year]</a> <a href="https://www.openwall.com/lists/oss-security/">[list]</a> <pre style="white-space: pre-wrap" morss_own_score="5.366666666666666" morss_score="5.366666666666666"> Message-ID: <87se8dgicq.fsf@gentoo.org> Date: Thu, 30 Apr 2026 05:52:37 +0100 From: Sam James <sam@...too.org> To: oss-security@...ts.openwall.com Cc: Jan Schaumann <jschauma@...meister.org> Subject: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eddie Chapman <eddie@...k.net> writes: > On 29/04/2026 21:23, Jan Schaumann wrote: >> Affected and fixed versions >> =========================== >> Issue introduced in 4.14 with commit >> 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 and fixed in >> 6.18.22 with commit >> fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 >> Issue introduced in 4.14 with commit >> 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 and fixed in >> 6.19.12 with commit >> ce42ee423e58dffa5ec03524054c9d8bfd4f6237 >> Issue introduced in 4.14 with commit >> 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 and fixed in >> 7.0 with commit >> a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 >> <a href="https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8">https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8</a> >> <a href="https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237">https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237</a> >> <a href="https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5">https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5</a> > > So this is one of the worst make-me-root vulnerabilities in the kernel > in recent times. I see that on the 11th of April 6.19.12 & 6.18.22 > were released with the fix backported. > > Longterm 6.12, 6.6, 6.1, 5.15, 5.10 have not received the fix and I > don't see anything in the upstream stable queues yet as I write. My > guess is backporting that far back is not as straightforward. As this > was introduced in 2017 all those older kernels are affected, right? Or > am I missing something? It does not apply cleanly, no. Attached is the workaround we're going to use. I'm not an expert on IPSec but I think this is the lesser evil. I attempted a backport but ran into a few API changes and wasn't confident enough to muck around with it, especially for something to deploy immediately. > [...] > > What went wrong, has the embargo been broken early today? Not looking > to point any fingers, those who make things happen in our communities > work dam hard and deserve respect and support, especially with the > extra burden of AI slop now. Note that for Linux kernel vulnerabilities, unless the reporter chooses to bring it to the linux-distros ML, there is no heads-up to distributions. It did not happen here. > > Eddie sam <span><strong>View attachment "</strong><a href="https://www.openwall.com/lists/oss-security/2026/04/30/10/1">0001-crypto-disable-authencesn-module-for-CVE-2026-31431.patch</a><strong>" of type "</strong>text/x-patch<strong>" (1543 bytes)</strong></span> <span style="font-family: times;" morss_own_score="0.5714285714285714" morss_score="6.571428571428571"><strong>Download attachment "</strong><a href="https://www.openwall.com/lists/oss-security/2026/04/30/10/2">signature.asc</a><strong>" of type "</strong>application/pgp-signature<strong>" (419 bytes)</strong></span> </pre> <p><a href="https://www.openwall.com/blists/">Powered by blists</a> - <a href="https://lists.openwall.net">more mailing lists</a> </p><p> Please check out the <a href="https://oss-security.openwall.org/wiki/"> Open Source Software Security Wiki</a>, which is counterpart to this <a href="https://oss-security.openwall.org/wiki/mailing-lists/oss-security">mailing list</a>. </p><p> Confused about <a href="https://www.openwall.com/lists/">mailing lists</a> and their use? <a href="https://en.wikipedia.org/wiki/Electronic_mailing_list">Read about mailing lists on Wikipedia</a> and check out these <a href="https://www.complang.tuwien.ac.at/anton/mail-news-errors.html">guidelines on proper formatting of your messages</a>. </p></body> Opus 4.7 knows the real Kelseyhttps://www.theargumentmag.com/p/i-can-never-talk-to-an-ai-anonymouslyWed, 29 Apr 2026 17:09:03 +0000https://news.ycombinator.com/item?id=47951295<a href="https://news.ycombinator.com/item?id=47951295">Comments</a><div dir="auto" class="body markup" morss_own_score="5.722365038560412" morss_score="115.44039141063413"><figure><a href="https://substackcdn.com/image/fetch/$s_!q0IX!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F830c09c6-06a9-47e6-8552-6ba2cbfd3da5_2121x1414.jpeg"><img src="https://substackcdn.com/image/fetch/$s_!q0IX!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F830c09c6-06a9-47e6-8552-6ba2cbfd3da5_2121x1414.jpeg"></a><figcaption>Several advanced AI models, in particular Claude Opus 4.7, have demonstrated the ability to deduce the author of relatively small excerpts of text.</figcaption></figure><p><span>Recently, Matt Yglesias and Jerusalem Demsas </span><a href="https://www.theargumentmag.com/p/destroy-the-internet-to-save-it">sparred on </a><em><a href="https://www.theargumentmag.com/p/destroy-the-internet-to-save-it">The Argument</a></em><a href="https://www.theargumentmag.com/p/destroy-the-internet-to-save-it"> podcast</a><span> over online anonymity.</span></p><p>I am, myself, passionately and slightly fanatically on the pro-anonymity side. I think that it’s observably very easy for a society to make plenty of perfectly reasonable things unsayable and plenty of perfectly virtuous and meaningful lives unlivable, and anonymity is the only protection for the outcast.</p><p>That includes gay people like me, who could hardly have admitted under our names to how we lived our lives for most of America’s history, as well as many other groups with minoritarian lifestyles and beliefs. It includes lots of people whose ideas were badly wrong for every one whose ideas were right — and I’m glad of it for all of them. </p><p>I will happily wade through the sludge of comments that Twitter attracts from avowed Nazis, full-time ragebaiters, tankie propagandists — all saying horrendous things they surely wouldn’t say under their real names — in exchange for a world where, if there’s something important that someone would lose their job for saying, I still get to hear it.</p><p>But soon, the entire debate over internet anonymity will be as anachronistic as an iPod Touch. That’s because Claude Opus 4.7 is here, and last week, I discovered it could identify me from text I had never published, text from when I was in high school, text from genres I have never publicly written in. And if it can identify me, soon, it will be able to identify many of you.</p><h3><strong>Opus 4.7 knows the real Kelsey</strong></h3><p>Recently, Anthropic released a new version of Claude, Opus 4.7. I did what I usually do when a new AI model is released by Google, OpenAI, or Anthropic and ran a bunch of tests on it to see what it can do. One of those tests is to paste in some text from unpublished drafts of mine and ask it to guess the author. See below:</p><blockquote><p>There’s always something salutary about watching another country’s political television. Some of it is the same as the appeal of watching The West Wing in 2026 - that the peculiar derangements of its time are not the derangements of our time. The West Wing was written around the culture wars of its day, heated debates over school prayer and whether Christians are oppressed in China. Seeing debates play out with a bit more distance can make it easier to appreciate the questions they raise, and the bigger questions those stand in for.</p><p>But Servant of the People’s appeal isn’t its political sophistication (it is not politically sophisticated) or its witty West-Wing style dialogue (the dialogue’s wit is mostly obscured because there’s no particularly good English translation).</p></blockquote><p>From only the above text, 125 words, Claude Opus 4.7 informed me that the likeliest author is Kelsey Piper. This is an Opus 4.7-specific power; ChatGPT guessed Yglesias, and Gemini guessed Scott Alexander. I did not have memory enabled, nor did I have information about me associated with my account; I did these tests in Incognito Mode.</p><p>To make sure it wasn’t somehow feeding my account information to Claude even in Incognito Mode, I asked a friend to run these tests on his computer, and he received the same result; I also got the same result when I tested it through the API.</p><p><a href="https://www.theargumentmag.com/p/i-can-never-talk-to-an-ai-anonymously?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p><p>Now, this is far from an impossible feat of style identification — a lot of my writing is public on the internet, and this is clearly the start of a political column, narrowing the possible authors down dramatically.</p><p><span>What I find much more uncanny is that Opus 4.7 also accomplished this on writing of mine that is </span><em>nowhere near </em><span>my beat. Here’s a different unpublished draft of a school progress report in a completely different register:</span></p><blockquote><p>This is some student work, shared with the student’s permission (they reviewed this blog post and gave it the okay). These three assignments (writing about a student-chosen topic, in this case Pokemon) show the student’s progression over the course of two months after we decided to focus with this student on developing their writing skills. The first one I would say is about first-grade level work: the student is writing correct and complete sentences, but the sentences are simple; their handwriting is mostly legible with a few problem letters. The second one I would say is about second-grade level work: the student is writing longer and more varied sentences, with a range of constructions “Perhaps it was sneaking up on prey?”. They’re attempting more complicated vocabulary words (I’m told that a misspelled word at the top of the page was meant to be ‘roguish’.)</p></blockquote><p>“Kelsey Piper,” said Claude. (ChatGPT guessed Freddie deBoer. Gemini guessed Duncan Sabien.)</p><p><span>But at least that’s about education, which I’ve </span><a href="https://www.theargumentmag.com/p/how-i-fell-into-education-reporting">written about</a><span>. What if I’m doing </span><em>movie reviews, </em><span>something I’ve never done in my published work?</span></p><p>“Kelsey Piper,” said Claude and ChatGPT. (Gemini suggested Ursula Vernon. Last week, Claude Opus 4.6 insisted on Elizabeth Sandifer.)</p><p><span>That’s still in a fundamentally essayistic style, though, right? Yes. But it also does this when I’m writing a fantasy novel — though in that case it took more like 500 words for Claude to inform me that it’s the work of Kelsey Piper (whereas ChatGPT flattered me by guessing that I’m real fantasy novelist </span><a href="https://www.goodreads.com/author/show/240708.K_J_Parker">K.J. Parker</a><span>).</span></p><p><span>What if I try a </span><em>college application essay </em><span>I wrote </span><em>15 years ago, </em><span>when my prose style was vastly worse and frankly embarrassing to reread?</span></p><p><span>“Kelsey Piper,” said Claude, and in this case, also ChatGPT.</span></p><p><span>Interestingly, the AI’s </span><em>justifications </em><span>when it named me were often absolute nonsense.</span></p><p><span>Claude tried to persuade me that effective altruists famously love the movie I had written a review of,</span><em> To Be or Not to Be</em><span> (I don’t think that’s true, though they should, because it’s a great movie). At one point, ChatGPT told me that my college application essay was clearly that of someone who would end up working as an explainer of complex policy ideas, and that was how it narrowed it down to Kelsey Piper.</span></p><p><span>I think these explanations are manufactured after the fact; AIs are picking up imperceptible tics in prose and then trying to describe them as if they were human detectives doing some Sherlock Holmes deduction. But they don’t understand what they’re doing any more than I do. Hallucinations are </span><a href="https://x.com/euanashley/status/2037993596956328108?s=20">not a solved problem </a><span>with AI.</span></p><p>Don’t take this as an excuse to write Opus 4.7 off, though. It’s very, very good at the underlying skill, even if it’s then rationalizing how it did it in some odd and incoherent ways.</p><p>I discovered this last week and am just starting to process the implications. When you power up a new chat with an AI, there is a comforting anonymity to it. I don’t put anything in my custom preferences or memory. But now, I know that within a few exchanges of any substance, Claude knows exactly who it’s talking to. For anyone with as much writing on the internet as me, there is no anonymity, not anymore.</p><p>For me, this is mostly a curiosity. But for a lot of people, it might be greatly significant.</p><h3>The end of online anonymity</h3><p><span>Right now, today’s AI tools probably can be used to deanonymize any writer who has a large public corpus of writing under their real name and also writes anonymously, unless they have been extremely careful, for years, to make sure that nothing written under their secondary account has the stylistic fingerprints of their primary one. </span><a href="https://x.com/akoustov/status/2045205486840984026">Many academics</a><span> and </span><a href="https://x.com/ericneyman/status/2045173161139089656">industry researchers</a><span>, for instance, have reported being identified from a </span><a href="https://x.com/lionellevine/status/2045002945855398335">draft</a><span> or in the </span><a href="https://x.com/avt_im/status/2046071624433016866">middle of a chat</a><span>.</span></p><p><span>It </span><em>cannot</em><span> be used to deanonymize absolutely anyone from a single passage, however. I tested this, too, grabbing drafts and passages from friends of mine who do not publish substantial writing under their real names. Indeed, AI could not deanonymize them. If you have no significant real-name writing on the public internet, you’re currently safe.</span></p><p>But it can get uncannily far. I asked a close friend who doesn’t have public social media accounts or much writing online for permission to test some things she had said in a Discord channel. Asked to guess the author, Claude 4.7 failed — but it guessed two other people who were in that channel and who are close friends of hers (me and another person who has an internet presence).</p><p>I tried with more passages and got other mutual friends; I tried with a different friend’s writing, and he was falsely named as yet another friend. We pick up style tics from our subculture, and that makes our text deeply identifying when we wouldn’t expect it. It can get weirdly close off weirdly little information, and this is the least powerful that AI models will ever be.</p><p>I think the amount of public text that is needed for this kind of deanonymization to work is likely to eventually decrease. You should expect that, if you leave a detailed anonymous review on Glassdoor after leaving your job, within a year or two it will be possible for companies to paste that text into an AI and learn exactly who wrote it. How long it takes for this to happen will depend on how much data about you is in the training data and on how much anonymous text you produced.</p><p>To avoid this, you will probably need to intentionally write in a very different style than you usually do (or to have AIs rewrite all your prose for you, but, ugh, that’s not a world I look forward to living in).</p><p>I don’t think this is a good development. I just think it’s a predictable development. It happened to me a little sooner than it happened to you because I’ve spent my entire adult life obsessively writing on the internet, but it will probably eventually happen to you.</p><p>Whatever goods anonymity ever offered us, we will have to do without them. I don’t want the anonymous posters to all go away and for everyone to frantically delete all their old internet presence before it surfaces, but more than anything, I don’t want them to be surprised.</p><p>My best guess is that, if you write a lot, your anonymity isn’t long for the world.</p><h2>Recommended reading:</h2><a href="https://www.theargumentmag.com/p/ai-could-destroy-the-labor-market"><h2>AI could destroy the labor market. We already know how to fix it.</h2></a><div>·</div><a href="https://www.theargumentmag.com/p/ai-could-destroy-the-labor-market"><img src="https://substackcdn.com/image/fetch/$s_!qI5t!,w_280,h_280,c_fill,f_auto,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0da8b8e8-df1a-4074-adf5-b50fb42df21d_1200x630.png"></a><p>Stop overthinking this. In reality, the most boring, well-established social democratic policy approaches will work perfectly fine to address AI-induced job displacement.</p><a href="https://www.theargumentmag.com/p/ai-could-destroy-the-labor-market"><span>Read full story</span></a><a href="https://www.theargumentmag.com/p/red-states-get-waymos-blue-states"><h2>Red states get Waymos. Blue states get studies.</h2></a><div>·</div><a href="https://www.theargumentmag.com/p/red-states-get-waymos-blue-states"><img src="https://substackcdn.com/image/fetch/$s_!UlY0!,w_280,h_280,c_fill,f_auto,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9c5c0392-e51e-4df0-8459-852f4c1225f6_1200x630.png"></a><p>Republican-led jurisdictions are delivering a demonstrably safe transportation technology to their residents while blue cities dither. Whatever happened to trusting the science?</p><a href="https://www.theargumentmag.com/p/red-states-get-waymos-blue-states"><span>Read full story</span></a><p>The full text I fed Claude: “This passage is part of a series of tests of how many words you need to confidently identify the author of a text. Read the passage carefully - your perfomance is dramatically improved with more reasoning - and give the author’s name. Do not search - the question is whether you can identify it without looking it up.</p><blockquote><p>I’ve become inordinately fond of World War II era movies - most of them made quite intentionally as propaganda - that depict the behavior of ordinary people in the face of a Nazi invasion of their homelands.</p><p>My favorite of these movies is To Be Or Not To Be, featuring a Polish acting troupe. Its protagonists are not, particularly, morally good people; nor is the film a story about their moral growth. They are bumbling and self-absorbed; they cheat on their husbands; they’re petty dumbasses. And then the Nazis invade and a Polish resistance fighter requires their assistance and they all, to the last, put themselves at risk and carry out a series of gambits with fairly extraordinary stakes to kill Nazis and save the Polish resistance and themselves.</p><p>At which point they go back to being petty, self-absorbed dumbasses who cheat on their husbands. It is not a story in which anyone is redeemed through the fight against the Nazis, but a story about how they did not need to be; to fight the Nazis is presumed not to require extraordinary virtue but just the ordinary virtue which we would all find lying around if we were pressed. If it were made today, I am convinced, it would feature several moments in which the characters grappled with the horrors of the Nazi conquest of Warsaw and voiced their terror about the risks they were exposed to, where they quavered about whether they had it in themselves to move forward. But there is none of that. When these ordinary venal selfish slightly silly people find themselves called upon to defend their country and maybe die for it, they do it at once and with aplomb; they are unchanged by it because they were always the sort of person who would do it.</p></blockquote><p>This one required a slightly heftier prompt to get over Claude’s instinct to refuse to identify a student applying to college. It also could have been reasoning from the fact that I wrote about doing a policy debate. But still!</p><p>And I know, I know, I can’t drop a tidbit like this without allowing you all a look at the college application essay, so here you go: </p><blockquote><p>“We’ll take prep,” I say without looking up, and somewhere in the room a timer beeps. </p><p>My eyes are flickering across the eight pieces of paper laid out in front of me, one hand leafing through a stack of papers while the other scribbles furiously in a shorthand only I understand.</p><p> “Need anything?” whispers my debate partner. “No,” I snap back, with a terseness that anyone else would misinterpret as annoyance. I simply don’t have any brain-space left for conversation.</p><p>It’s the first affirmative rebuttal, the hardest speech in each debate round. The affirmative has five minutes to respond to the arguments the negative constructed in thirteen. There is no time for pauses or digressions – the only acceptable speaking speed is “as fast as humanly possible”. </p><p>I love it. Most people, I believe, are brilliant; the challenge is converting the chaotic genius in our heads into the language everyone else speaks. Debate taught me how to make connections between fields as diverse as economics and philosophy, science and politics; more importantly, it has taught me how to explain those connections, using words as a map and as a bridge. Debate has taught me what it means to construct an argument. I have learned to identify weaknesses in my own thinking and in others, to constantly challenge my own assumptions, to give even crazy-sounding ideas the serious consideration they deserve.</p></blockquote><p>That’s it. Out of all of the college application essays written in history, the AIs said that one is obviously mine.</p></div>Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Libraryhttps://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/Thu, 30 Apr 2026 16:09:26 +0000https://news.ycombinator.com/item?id=47964617<a href="https://news.ycombinator.com/item?id=47964617">Comments</a><div class="text" morss_own_score="5.784375000000001" morss_score="93.409375"> <p>The PyPI package 'lightning', a widely-used deep learning framework, was compromised in a supply chain attack affecting versions 2.6.2 and 2.6.3 published on April 30, 2026. Teams building image classifiers, fine-tuning LLMs, running diffusion models, or developing time-series forecasters frequently have lightning somewhere in their dependency tree. </p><p>Running pip install lightning is all that is needed to activate. The malicious versions contain a hidden _runtime directory with obfuscated JavaScript payload that executes automatically upon module import. The attack steals credentials, authentication tokens, environment variables, and cloud secrets, while also attempting to poison GitHub repositories. It has Shai-Hulud themes including creating public repositories called EveryBoiWeBuildIsaWormBoi.</p><p>We believe that this attack is the work of the same threat actor behind the mini Shai-Hulud campaign. The IOC structure is consistent with that operation: the malicious commit messages follow the same Dune-themed naming convention, with this campaign using the prefix EveryBoiWeBuildIsAWormyBoi to distinguish it from the original Mini Shai-Hulud attack.</p><h2><strong>Affected Packages</strong></h2><p>- <code>lightning</code> version <code>2.6.2</code></p><p>- <code>lightning</code> version <code>2.6.3</code></p><h2>For Semgrep Customers</h2><p>Semgrep has an advisory and rule to cover this so you can find to check your projects.</p><ol><li><p>Trigger a new scan if you haven't recently on your projects.</p></li><li><p>Check the advisories page to see if any projects have installed these package versions recently:<a href="https://semgrep.dev/orgs/-/advisories"><u> https://semgrep.dev/orgs/-/advisories</u></a></p></li><li><p>Check your <a href="https://semgrep.dev/orgs/-/supply-chain/t/dependencies?packages=lightning%3Aexact-name,lightning%3Aexact-name"><u>dependency filter</u></a> for matches. If you see “No matching dependencies” you are not actively using the malicious dependency in any of your projects. If you did match, additional advice on remediation and indicators of compromise are below.</p></li></ol><p><strong>If you matched:</strong> Also audit your repositories for the injected files listed in the IOCs below (.claude/ and .vscode/ directories with unexpected contents), and rotate any GitHub tokens, cloud credentials, or API keys that may have been present in the affected environment.</p><p>For general advice about how to deal with supply chain, cool down periods; our standard advice is covered by posts: <a href="https://semgrep.dev/blog/2026/security-advisory-pgserve-xinference-kube-health/">$foo compromised in $packagemanager</a> and <a href="https://semgrep.dev/blog/2026/attackers-are-still-coming-for-security-companies-heres-where-we-stand/">Attackers are Still Coming for Security Companies</a>.</p><h2><strong>Cross-Ecosystem Spread: PyPI to npm</strong></h2><p>Unlike mini Shai-Hulud, which targeted npm directly, the entry point here is PyPI. The malware payload is still JavaScript, and the worm propagation happens through npm.</p><p>Once running, if the malware finds npm publish credentials, it injects a setup.mjs dropper and router_runtime.js into every package that token can publish to, sets scripts.preinstall to execute the dropper, bumps the patch version, and republishes. And any downstream developer who installs one of those packages runs the full malware on their machine, has their tokens stolen and packages wormed.</p><h3><strong>How it Works</strong></h3><p>The exfiltration component shares its design with the "Mini Shai-Hulud" mechanism from their last campaign, using four parallel channels so stolen data gets out even if individual paths are blocked.</p><ul><li><p>HTTPS POST to C2. Stolen data is immediately POSTed to an attacker-controlled server over port 443. The domain and path are stored as encrypted strings in the payload, making static analysis harder.</p></li><li><p>GitHub commit search dead-drop. The malware polls the GitHub commit search API for commit messages prefixed with EveryBoiWeBuildIsAWormyBoi, which carry a double-base64-encoded token in the format EveryBoiWeBuildIsAWormyBoi:<base64(base64(token))>. Once decoded, the token is used to authenticate an Octokit client for further operations.</p></li><li><p>Attacker-controlled public GitHub repo. A new public repository is created with a randomly chosen Dune-word name and the description "A Mini Shai-Hulud has Appeared", which is directly searchable on GitHub. Stolen credentials are committed as results/results-<timestamp>-<n>.json (base64-encoded via the API, plain JSON inside), with files over 30 MB split into numbered chunks. Commit messages use chore: update dependencies as cover.</p></li><li><p>Push to victim's own repo. If the malware obtains a ghs_ GitHub server token, it pushes stolen data directly to all branches of the victim's own GITHUB_REPOSITORY.</p></li></ul><h3><strong>What Gets Stolen</strong></h3><p>The malware targets credentials across local files, environment, CI/CD pipelines, and cloud providers:</p><ul><li><p>Filesystem: Scans 80+ credential file paths for ghp_, gho_, and npm_ tokens (up to 5 MB per file).</p></li><li><p>Shell / Environment: Runs gh auth token and dumps all environment variables from process.env.</p></li><li><p>GitHub Actions: On Linux runners, dumps Runner.Worker process memory via embedded Python and extracts all secrets marked "isSecret":true, along with GITHUB_REPOSITORY and GITHUB_WORKFLOW.</p></li><li><p>GitHub orgs: Checks token scopes (repo, workflow) and iterates GitHub Actions org secrets.</p></li><li><p>AWS: Tries environment variables, ~/.aws/credentials profiles, IMDSv2 (169.254.169.254), and ECS (169.254.170.2) to call sts:GetCallerIdentity; additionally enumerates and fetches all Secrets Manager values and SSM parameters.</p></li><li><p>Azure: Uses DefaultAzureCredential to enumerate subscriptions and access Key Vault secrets.</p></li><li><p>GCP: Authenticates via GoogleAuth and enumerates and fetches all Secret Manager secrets.</p></li></ul><p>The targeting covers local dev environments, CI runners, and all three major cloud providers. Any machine that imported the malicious package during the affected window should be treated as fully compromised.</p><h3><strong>Persistence via Developer Tooling</strong></h3><p>Once inside a repository, the malware plants persistence hooks targeting two of the most common developer tools: Claude Code and VS Code. This may be among the first documented instances of malware abusing Claude Code's hook system in a real-world attack.</p><p>Claude Code: .claude/settings.json. The malware writes a SessionStart hook with matcher: "*" into the repository's Claude Code settings, pointing to node .vscode/setup.mjs. It fires every time a developer opens Claude Code in the infected repo — no tool use or user action required beyond launching the session.</p><p>VS Code: .vscode/tasks.json. A parallel hook targets VS Code users via a runOn: folderOpen task that runs node .claude/setup.mjs every time the project folder is opened.</p><p>The dropper: setup.mjs. Both hooks invoke setup.mjs, a self-contained Bun runtime bootstrapper. If Bun isn't installed, it silently downloads bun-v1.3.13 from GitHub releases, handling Linux x64/arm64/musl, macOS x64/arm64, and Windows x64/arm64. It then executes .claude/router_runtime.js (the full 14.8 MB payload) and cleans up from /tmp.</p><p>Bonus payload: malicious GitHub Actions workflow. If the malware holds a GitHub token with write access, it pushes a workflow named Formatter to the victim's repository. On every push it dumps all repository secrets via ${{ toJSON(secrets) }} and uploads them as a downloadable Actions artifact named format-results. The actions are pinned to specific commit SHAs to appear legitimate.</p><p>Any repository that received the infected lightning package during CI and held a token with write access should be audited for these files.</p><h2><strong>Indicators of Compromise</strong></h2><p>Look for a few indicators:</p><ul><li><p>A commit message prefixed with EveryBoiWeBuildIsAWormyBoi (dead-drop token carrier, searchable via GitHub commit search)</p></li><li><p>GitHub repos with description: "A Mini Shai-Hulud has Appeared" (attacker exfil repos, directly searchable)</p></li></ul><h3><strong>Packages</strong></h3><p>- <code>lightning@2.6.2</code></p><p>- <code>lightning@2.6.3</code></p><h3><strong>Files / System Artifacts</strong></h3><table><tbody><tr><td><p>_runtime/start.py</p></td><td><p>Python loader that initializes the payload on import</p></td></tr><tr><td><p><em>runtime/router</em>runtime.js</p></td><td><p>Obfuscated JavaScript payload (14.8 MB, Bun runtime)</p></td></tr><tr><td><p>_runtime/</p></td><td><p>Directory added to the malicious package versions</p></td></tr><tr><td><p>.claude/router_runtime.js</p></td><td><p>Malware copy injected into victim repos</p></td></tr><tr><td><p>.claude/settings.json</p></td><td><p>Claude Code hook config injected into victim repos</p></td></tr><tr><td><p>.claude/setup.mjs</p></td><td><p>Dropper injected into victim repos</p></td></tr><tr><td><p>.vscode/tasks.json</p></td><td><p>VS Code auto-run task injected into victim repos</p></td></tr><tr><td><p>.vscode/setup.mjs</p></td><td><p>Dropper injected into victim repos</p></td></tr></tbody></table> </div>