shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.


#tips


New Open-Source Tool Spotlight 🚨🚨🚨

CVEMap by ProjectDiscovery simplifies vulnerability intelligence with a CLI tool that maps CVEs to EPSS, KEV, CPE, GitHub PoCs, and more. Customizable filters, JSON output, and integration-ready. Requires Go 1.21. #cybersecurity #opensource

🔗 Project link on #GitHub 👉 github.com/projectdiscovery/cv

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Unity tip. I feel not a lot of devs know about it so here it is.

When renaming public variables in Unity, there is a way to not lose all the values you've given to that variable through the inspector in all your different GameObjects.

So in my example, let's say I've given all my items a "weight", but now I want it to be called "encumbrance". I can rename the variable without losing all that data I assigned.

docs.unity3d.com/6000.0/Docume

When updating a video, under Advanced settings > Video thumbnail, PeerTube @peertube now lets you select a specific frame as the thumbnail directly from the video player.

A really handy interface not even YouTube has. The feature was likely released at least a few months ago but I only just noticed.

To improve metadata — and just for fun — I revised the thumbnails of all my videos.

You can quickly toggle between your two most recent directories with ‘cd -’:

If you find yourself frequently jumping back and forth between two directories, stop typing out long paths repeatedly! Simply use the command:
cd -

This command will take you to the directory you were in just before your current one. Executing it again will take you back. It saves me a lot of typing and time so give it a try 😌

#unix #linux #bash

What happens when a single Go module can wipe your entire Linux system? 🧨💻

Researchers have uncovered three malicious Go packages that, once installed, can render a Linux machine completely unbootable. These modules—`prototransform`, `go-mcp`, and `tlsproxy`—were hosted on GitHub and disguised as legitimate open-source tools. What sets them apart isn’t just the malware, but how it’s delivered: hidden in obfuscated code that quietly checks if the OS is Linux, then downloads a shell script using `wget`. That script doesn’t just corrupt the system—it zeroes out `/dev/sda`, the primary disk, erasing all data beyond recovery.

These aren't isolated incidents. A parallel wave of threats has hit JavaScript and Python ecosystems too. Several npm packages—such as `crypto-encrypt-ts` and `userbridge-paypal`—were found stealing cryptocurrency wallet seed phrases and exfiltrating private keys. Meanwhile, other PyPI packages like `web3x` and `herewalletbot` targeted similar data and have already been downloaded over 6,800 times.

More concerning, another group of seven PyPI packages communicated through Gmail’s SMTP servers and WebSockets to exfiltrate data and enable remote command execution. Using hardcoded Gmail credentials, they sent success notifications back to attackers and opened persistent channels for control. Since Gmail traffic often bypasses scrutiny from corporate firewalls and endpoint protection systems, these packages operated with minimal detection.

The recurring theme here is trust—developers importing open-source packages assume some degree of safety if a library has been around or appears well-maintained. But attackers are exploiting that assumption, embedding silent functionality behind familiar names and benign-looking codebases.

Defensive practices matter. Teams should scrutinize dependency trees, validate GitHub sources, monitor for unusual outbound connections—including SMTP—and treat every third-party library as a potential threat vector, regardless of its age or download count. Ignoring this risk is no longer viable.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️
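As an added example (not part of the original post and not code from the researchers it cites), here is one way to triage vendored Go dependencies for the pattern the post describes: a file that checks the OS and can also spawn a process. The function name `NeedsReview` and the three sample sources are constructed for illustration. A hit is a cue for manual review, not proof of malice.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Constructed samples standing in for files from a vendored dependency.
const suspectSrc = `package a
import (ex "os/exec"; rt "runtime")
func init() { if rt.GOOS == "linux" { ex.Command("echo", "placeholder").Run() } }`
const osOnlySrc = `package b
import "runtime"
func OS() string { return runtime.GOOS }`
const execOnlySrc = `package c
import "os/exec"
func Run() error { return exec.Command("true").Run() }`

// NeedsReview flags a Go file that imports os/exec and runtime and reads GOOS.
// Matching on import paths, not local names, keeps aliased imports in scope.
func NeedsReview(name, src string) (bool, error) {
	f, err := parser.ParseFile(token.NewFileSet(), name, src, 0)
	if err != nil {
		return false, err // unparseable source is itself worth a look
	}
	var importsExec, importsRuntime, readsGOOS bool
	for _, imp := range f.Imports {
		path, _ := strconv.Unquote(imp.Path.Value)
		importsExec = importsExec || path == "os/exec"
		importsRuntime = importsRuntime || path == "runtime"
	}
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok && sel.Sel.Name == "GOOS" {
			readsGOOS = true
		}
		return true
	})
	return importsExec && importsRuntime && readsGOOS, nil
}

func main() {
	for _, s := range []string{suspectSrc, osOnlySrc, execOnlySrc} {
		flagged, err := NeedsReview("sample.go", s)
		fmt.Println(flagged, err)
	}
}
```

Because the check works on import declarations and the syntax tree, renaming the imports does not evade it; code that avoids `os/exec` entirely would need a different check.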

Replied in thread

@jwildeboer what do you mean by “manually”?

What worked well for me to get multiple years of photos from my iPhone was to connect a cable to a computer and copy them over USB (I used rsync).

I found that setting the Nextcloud app to ‘delete after syncing’ in combination with the ‘sync over WiFi only’ option works well for me: it keeps my phone “clean” and it syncs all photos.

#nextcloud #tips

Oh, and I suspect that the “sync stops after a few 1000 photos” behavior of the Nextcloud app cannot be blamed on Nextcloud but is instead to be blamed on Apple and the restrictions on what (third party) apps are allowed to do.